OAuth 2.0 Client Credentials Grant
This topic demonstrates how to generate an access token using Client Credentials Grant authentication.
Step 1 - Obtain the access token
To begin the Client Credentials Grant flow, your application will need to call the OpenView authorization URI, and pass the parameters below on the body of your request:
- grant_type (required)
- client_id (required)
- client_secret (required)
Example request:
POST Base URI: https://api-uat.vtopenview.com/oauth2/token
grant_type=client_credentials
&client_id=YOUR_INTEGRATION_KEY
&client_secret=YOUR_SECRET_KEY
Example response:
HTTPS 200 OK
Content-Type: application/json
{
"access_token":"MTQ0NjJkZmQ5OTM2NDE1ghNNBiuyUYUN",
"token_type":"bearer",
"expires_in":3600,
"created_at":"2024-01-10T11:39:39.12"
}
Step 2 - Use the access token to make an API call
Now that you've obtained an access token, your application is authenticated and has all of the information that it needs to make a call to the OpenView API.
To make an OpenView API request, you must include:
- The acquired access token in the request's Authorization header.
Example request to OpenView API:
curl -- GET Base URI: https://api-uat.vtopenview.com/properties
--header "Authorization: Bearer MTQ0NjJkZmQ5OTM2NDE1ghNNBiuyUYUN"
Access Token expired
If your access token is expired, you will get the 401 (Unauthorized) error. You must do the step 1 and 2 again to get a new access token and authenticate to our platform.
Error response
If error is encountered, the response will have this content. The errors code we will return on response will be:
- 400 (Bad Request): The request is missing a parameter so the server can’t proceed with the request. This may also be returned if the request includes an unsupported parameter or repeats a parameter.
- 401 (Unauthorized): Client authentication failed, such as if the request contains an invalid Client Id or Secret.
- 500 (Internal Server Error): Error on our server, so we won't be able to proceed with the request.
Example error response:
HTTPS 401 Unauthorized
Content-Type: application/json
{
"error_code": 401,
"error": "invalid_client",
"error_description": "authentication failed. verify if your client_id and secret_id is valid."
}