Client Credentials
Available to Private Apps only. Used when there is no third party involved for service calls or on behalf of the user/account
who created the App.
This is a much simpler process to that of the Authorization Code process and is intended for access to non user specific data.
Request an Access Token
We assume that your Private App is authorised to make requests to the API. However, as with the Authorization Code process you must obtain an Access Token to access data within the API.
POST https://[account].evance.me/admin/oauth/token.json
Replace [account]
with the unique identifier for the account and supply for the following parameters
in the body of the request:
client_id
|
Your App's unique API key. |
client_secret
|
Your App's secret key - equivalent to a password. |
grant_type
|
client_credentials
|
Note: Evance also supports supplying the client_id and client_secret via Basic Auth e.g.:
POST https://[client_id]:[client_secret]@[account].evance.me/admin/oauth/token.json
A successful request will receive a JSON response from the server similar to the following:
{
"access_token": "43e213757dd5a224ace6ffc22b8c436219c5830b",
"expires_in": 3600,
"token_type": "Bearer",
"scope": null
}
You now have an access_token
with a lifespan of 1 hour, with which to make authenticated requests to the
Evance API.
Note: this grant_type
does not deliver a refresh_token
.