Client Credentials
Available to Private Apps only. Used when there is no third party involved for service calls or on behalf of the user/account
who created the App.
This is a much simpler process to that of the Authorization Code process
and is intended for access to non user specific data.
Request an access token
We assume that your Private App is authorised to make requests to the API. However, as with the Authorization Code process you must obtain an Access Token to access data within the API.
There are two available methods for supplying your client credentials:
-
Post parameters
Your client credentials are supplied as post parameters in the body of your request. -
Basic authorization
Your client credentials are supplied as a username and password within the URL.
application/x-www-form-urlencoded
.
Token endpoint
POST https://{account}.evance.me/admin/oauth/token.json
Replace {account}
with the unique identifier for the account.
Post parameters
Supply the following POST parameters in the body of the request:
client_id
Your App's unique API key. |
client_secret
Your App's secret key - equivalent to a password. |
grant_type
Must be set to client_credentials
|
POST /admin/oauth/token.json HTTP/1.1
Host: {account}.evance.me
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx
Basic authorization
Evance also supports supplying the client_id
and client_secret
via
Basic Auth.
POST https://{client_id}:{client_secret}@{account}.evance.me/admin/oauth/token.json
Supply the following POST parameters in the body of the request:
grant_type
Must be set to client_credentials
|
POST /admin/oauth/token.json HTTP/1.1
Host: {account}.evance.me
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
Access token
A successful request will receive a JSON response from the server similar to the following:
{
"access_token": "43e213757dd5a224ace6ffc22b8c436219c5830b",
"expires_in": 3600,
"token_type": "Bearer",
"scope": null
}
You now have an access_token
with a lifespan of 1 hour, with which to make authenticated
requests to the Evance API.
Refresh tokens
This grant_type
does not deliver a refresh_token
.