Client Credentials
Getting access tokens for Proximie's API using the Client Credentials flow
What is the Client Credentials Flow?
The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user. This may be a device that requires API access to update or to read information. This type of flow in more in line with Servers and Physical devices that don't have a UI login component or a means of logging in via a User.
How does it achieve secure Authorization?
The client needs to authenticate themselves for this request. This is done using additional request parameters Client Id and Client Secret.
Lets break it down
First your app authenticates with the Proximie Auth API using its Client Id and Client Secret. This request is sent to the https://auth.proximie.net/oauth/token endpoint.
| Request Field | Description |
|---|---|
| client_id | Your Client Identifier. This will be paired with the secret to validate access. |
| client_secret | Your application's Client Secret. This is required for confidential applications. |
| grant_type | The type of flow that is being executed. We set this to client_credentials. |
| audience | The API that is being called. For example https://proximie.com/api/v2/ |
The request for Access Tokens.
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=client_id&client_secret=client_secret&audience=proximie" https://auth.proximie.com/oauth/token
Proximie Auth API then validates the Client Id and Client Secret. After validation, the API then responds with an Access Tokens which can now be used to access the Proximie API.
{
"accessToken": "AYjcyMzY3ZDhiNmJkNTY",
"refreshToken": "RjY2NjM5NzA2OWJjuE7c",
"tokenType": "bearer",
"expires": 3600
}
Updated over 2 years ago