HomeGuidesAPI ReferenceChangelog
Terms of Use
API Reference

OAuth / Token Exchange

Exchange long-lived client credentials for a short-lived bearer access token per RFC 6749 Section 4.4 (Client Credentials Grant).

Client authentication. Two methods are supported (RFC 6749 Section 2.3):

  • HTTP Basic (recommended): send client_id:client_secret Base64-encoded in the Authorization: Basic ... header. The request body must contain only grant_type=client_credentials.
  • POST body: include client_id and client_secret in the request body alongside grant_type=client_credentials.

Sending credentials via both methods in the same request is rejected with invalid_request.

Request format. Both application/x-www-form-urlencoded and application/json are accepted.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Body Params

Token exchange request body. Per RFC 6749 Section 4.4, the client may authenticate either via HTTP Basic authentication (recommended) or by including client_id and client_secret in the request body alongside grant_type.

string
enum
required

OAuth 2.0 grant type. Per RFC 6749 Section 4.4, only client_credentials is supported for machine-to-machine integrations.

Allowed:
string

The client identifier. Required when client credentials are sent in the request body instead of via HTTP Basic authentication.

string

The client secret. Required when client credentials are sent in the request body instead of via HTTP Basic authentication.

Headers
string
enum
Defaults to application/json

Generated from available request content types

Allowed:
Responses

404

The OAuth token exchange endpoint is not enabled on this tenant.

Language
URL
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json