Our API supports OAuth2 authentication using the Client Credentials flow, enabling secure, machine-to-machine communication. Follow this guide to configure and use OAuth2 for authenticating API requests.

The OAuth2 Client Credentials flow is ideal for server-to-server interactions, where direct user involvement is not required. In this flow, your application obtains an access token by presenting its client credentials (client ID and secret) to the authorization server. This access token is then included in your API requests to authenticate and authorize access.

Using OAuth2 Client Credentials Flow

  1. Obtain Your Client Credentials

    1. To use OAuth2, you’ll need to obtain a Client ID and Client Secret. These will be provided by our support team or generated through your developer portal.
  2. Request an Access Token

    1. Using the provided client credentials, your application must make a POST request to the token endpoint. See Request access token for more information.

    2. Token Request:

      1. HTTP Method: POST

      2. Endpoint: /oauth2/token

      3. Request Headers

        1. Content-Type: application/x-www-form-urlencoded
        2. Authorization: Basic xxxxxxxxxxxxxxxxx
          1. Combine your client_id and client_secret into a "client_id:client_secret" string.
          2. Encode the resulting string using Base64.
          3. Add the Authorization HTTP header and set the value to "Basic " plus the encoded string.
          4. Example: Authorization: Basic VmliZXNVc2VyOlBhc3N3b3JkMTIz
      4. Request Body Parameters

        | Parameter | Type | Required? | Description |
        |---|---|---|---|
        | grant_type | String | Yes | Credential type. Must be client_credentials |
        | client_id | String | Yes | Your application’s client ID |
        | client_secret | String | Yes | Your application’s client secret |
        | scope | String | Yes | The permissions required for this API. Must be https://rbm.vibes.com/rbm.agents |

  3. Retrieve and Use the Access Token

    1. If the request is successful, the server will respond with an access token in JSON format. Store this token securely in your application, as it will be used in API requests to authenticate your session.
      1. Example Response
        {  
          "access_token": "YOUR_ACCESS_TOKEN",  
          "token_type": "Bearer",  
          "expires_in": 3600  
        }
        1. access_token: The token to use in API requests.
        2. token_type: The type of token, usually Bearer.
        3. expires_in: Time in seconds until the token expires.
  4. Authenticate API Requests

    1. Include the access token in the Authorization header for each API request.
    2. Example: Authorization: Bearer YOUR_ACCESS_TOKEN

Token Expiry and Renewal

Access tokens have a limited lifespan (specified in the expires_in field). When your token expires, repeat the token request to obtain a new access token.
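
The steps above, together with renewal on expiry, as an added Python example (not code from this API's own SDK or documentation). `TokenCache`, the injected `post(path, headers, body)` callable, and the 60-second early-refresh margin are hypothetical names and assumptions; the endpoint path, headers, body parameters, and scope are the ones given on this page.

```python
import base64
import time
from urllib.parse import urlencode

TOKEN_PATH = "/oauth2/token"                  # endpoint from this page
SCOPE = "https://rbm.vibes.com/rbm.agents"    # scope from this page


def basic_auth_header(client_id, client_secret):
    """Return "Basic " + Base64("client_id:client_secret")."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret):
    """Return (headers, form-encoded body) for the POST to /oauth2/token."""
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": basic_auth_header(client_id, client_secret),
    }
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": SCOPE,
    })
    return headers, body


class TokenCache:
    """Hypothetical helper: reuse one token until shortly before it expires."""

    def __init__(self, client_id, client_secret, post, clock=time.monotonic, skew=60):
        self._creds = (client_id, client_secret)
        self._post = post      # assumed transport: post(path, headers, body) -> dict
        self._clock = clock    # monotonic, so wall-clock changes cannot extend a token
        self._skew = skew      # assumed margin: renew this many seconds early
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Return the Authorization header for an API call, renewing if needed."""
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._post(TOKEN_PATH, *build_token_request(*self._creds))
            if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")  # do not log resp itself
            self._token = resp["access_token"]
            lifetime = max(0, int(resp["expires_in"]) - self._skew)
            self._expires_at = self._clock() + lifetime
        return {"Authorization": f"Bearer {self._token}"}
```

Supply `post` as a thin wrapper around your HTTPS client that sends the request to the API host and returns the parsed JSON response.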