
Acquire access token (Client credentials flow)

POST /oauth2/token

Info: In this documentation, "Username" is synonymous with "client ID" and "Password" is synonymous with "client secret".

The Client Credentials flow is used for server-to-server authentication. Because this flow does not include authorization, it can only be used with endpoints that do not access user information.

Use this flow to acquire a new access token - a string which contains the credentials and permissions that can be used to access resources via the Gardin API.

The process of obtaining a new access token from the client ID and secret is as follows:

  1. Combine client ID and secret: Combine the client ID and secret into a single string, separated by a colon (i.e. <CLIENT_ID>:<CLIENT_SECRET>).
  2. Base64-encode the client credentials string: Base64-encode the combined string to ensure non-HTTP-compatible characters are encoded into HTTP-compatible characters. Base64 is an encoding, not encryption, so the credentials in the header are protected only by the HTTPS connection.
  3. Make request to obtain access token: Pass the encoded client credentials string in the request's Authorization header in the format Basic <ENCODED_CREDENTIALS>, and set the grant_type payload property to client_credentials, before making the request to POST /oauth2/token.
  4. Retrieve the access token from the response: Retrieve the full string from the 'access_token' property in the response body.

Here is a Python code example using the requests library:

import base64
import requests

# Replace these placeholders with your actual credentials
# (load them from the environment or a secret store rather than committing them)
client_id = 'your_client_id'
client_secret = 'your_client_secret'

# Step 1: Combine client ID and secret into single string (separated by colon as per HTTP Basic Authentication standard)
credentials = f"{client_id}:{client_secret}"

# Step 2: Base64-encode the string
encoded_credentials = base64.b64encode(credentials.encode('utf-8')).decode('utf-8')

# Step 3: Make request to obtain access token
# Pass encoded client credentials string into the Authorization header.
headers = {
    'Authorization': f'Basic {encoded_credentials}',
    'Content-Type': 'application/x-www-form-urlencoded'
}
token_url = 'https://login.gardin.ag/oauth2/token'

# Additional parameters for the token request
data = {
    'grant_type': 'client_credentials'
}

# Making the POST request to obtain the access token
# (the timeout keeps the call from hanging indefinitely if the server does not respond)
response = requests.post(token_url, headers=headers, data=data, timeout=10)

# Step 4: Retrieve the access token from the response.
if response.status_code == 200:
    access_token = response.json().get('access_token')
    # Printed for demonstration only; keep tokens out of application logs
    print(f"Access Token: {access_token}")
else:
    print(f"Failed to obtain access token: {response.status_code}")
    print(response.text)

Request

Body (required)

    grant_type string (required)

    Default value: client_credentials

    Must always be set to client_credentials.

Responses

Successful login

Schema
    access_token string

    JWT access token.

    expires_in number

    Number of seconds until token expires.

    token_type string

    Always has a value of Bearer.
