post
https://{tenantUrl}/public-api/oauth/token
Exchange long-lived client credentials for a short-lived bearer access token per RFC 6749 Section 4.4 (Client Credentials Grant).
Client authentication. Two methods are supported (RFC 6749 Section 2.3):
- HTTP Basic (recommended): send
client_id:client_secretBase64-encoded in theAuthorization: Basic ...header. The request body must contain onlygrant_type=client_credentials. - POST body: include
client_idandclient_secretin the request body alongsidegrant_type=client_credentials.
Sending credentials via both methods in the same request is rejected with invalid_request.
Request format. Both application/x-www-form-urlencoded and application/json are accepted.
Recent Requests
Log in to see full request history
| Time | Status | User Agent | |
|---|---|---|---|
Retrieving recent requests… | |||
Loading…
404The OAuth token exchange endpoint is not enabled on this tenant.