# Client Credentials Grant

Warning

These authentication endpoints will be deprecated after June 01^st, 2025. We strongly recommend that you integrate with our new endpoints as soon as possible. The Service Endpoint Migration Guide can be found here.

# Introduction

Client credentials grant is used for authorizing the client and not a specific user.

This is currently only used in the scenario where one creates a signup in the Signup API:

Signup API

https://pagero.github.io/signup-api-doc/

It is described in detail in section 4.4 of the OAuth2 specification.

It consists of the following steps:

The client makes a request to obtain an access_token using the client credentials.
The received access_token can then be used to make API requests.

The different steps are described in detail below.

# Obtaining an access token

To obtain a new access_token, the following URL should be used:

https://auth.pageroonline.com/oauth2/token

Required query parameters:

Parameter	Description
`grant_type`	Should be `client_credentials`.

Required headers:

Header	Description
`Authorization`	Authorization header for basic authorization, where the user should be the client id and password should be the client secret.

# Example

Example with curl
curl https://auth.pageroonline.com/oauth2/token \
  -d grant_type=client_credentials \
  --user 'client_id:client_secret'

The response will contain a JSON body that looks like this:

{
  "scope": "all",
  "access_token": "7367e3e0-eb0a-4abe-95ce-83363c27eaa2",
  "token_type": "bearer",
  "expires_in": 600,
 }

# Making an API request using an access token

When making an API request, the access_token should be provided in an Authentication header as a bearer token.

# Example

Example with curl
curl https://api.pageroonline.com/someresource \
  -H 'Authorization: Bearer 7367e3e0-eb0a-4abe-95ce-83363c27eaa2'