Client Credentials

Available to Private Apps only. Used when there is no third party involved for service calls or on behalf of the user/account who created the App.

This is a much simpler process to that of the Authorization Code process and is intended for access to non user specific data.

Request an Access Token

We assume that your Private App is authorised to make requests to the API. However, as with the Authorization Code process you must obtain an Access Token to access data within the API.

POST https://[account].evance.me/admin/oauth/token.json

Replace [account] with the unique identifier for the account and supply for the following parameters in the body of the request:

client_id Your App's unique API key.
client_secret Your App's secret key - equivalent to a password.
grant_type client_credentials


Note: Evance also supports supplying the client_id and client_secret via Basic Auth e.g.:

POST https://[client_id]:[client_secret]@[account].evance.me/admin/oauth/token.json

A successful request will receive a JSON response from the server similar to the following:

{
    "access_token": "43e213757dd5a224ace6ffc22b8c436219c5830b",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": null
}


You now have an access_token with a lifespan of 1 hour, with which to make authenticated requests to the Evance API.

Note: this grant_type does not deliver a refresh_token