Client Credentials Flow

The Client Credentials flow is designed for server-to-server communication where there is no user context. Your application authenticates using its own credentials.

Request Access Token

Make a POST request to the token endpoint:

POST /oauth/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic BASE64(client_id:client_secret)

grant_type=client_credentials
&scope=integrations:read shop:read

Or include credentials in the body:

POST /oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&scope=integrations:read shop:read

Response

{
    "access_token": "eyJhbGciOiJIUzI1NiIs...",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "integrations:read shop:read"
}

Note: Client Credentials flow does not return a refresh token. Request a new access token when the current one expires.

Available Scopes

Client Credentials flow is limited to certain scopes that don't require user context:

  • integrations:read - Read integration data
  • integrations:write - Modify integrations
  • shop:read - Read shop catalog data
  • orders:read - Read order data

Example: cURL

curl -X POST https://oauth.clubpulse.app/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=shop:read"
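
Because no refresh token is issued, the client has to track expires_in itself and request a new token in time. The Python below is an added example, not part of the original documentation: it builds the Basic-auth variant of the token request with a form-encoded scope and caches the token until shortly before it expires. The `post` transport callable, the 60-second `skew` margin and the function and class names are assumptions made for illustration.

```python
import base64
import time
from urllib.parse import urlencode

TOKEN_URL = "https://oauth.clubpulse.app/oauth/token"  # endpoint from the cURL example


def build_token_request(client_id, client_secret, scopes):
    """Return (headers, body) for the Authorization: Basic variant of the request."""
    pair = f"{client_id}:{client_secret}".encode()
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + base64.b64encode(pair).decode(),
    }
    # urlencode form-encodes the value: the space between scopes becomes "+"
    body = urlencode({"grant_type": "client_credentials", "scope": " ".join(scopes)})
    return headers, body


class TokenCache:
    """Caches the access token and requests a new one shortly before it expires."""

    def __init__(self, client_id, client_secret, scopes, post, clock=time.monotonic, skew=60):
        self._args = (client_id, client_secret, scopes)
        self._post = post    # hypothetical transport: post(url, headers, body) -> dict
        self._clock = clock
        self._skew = skew    # assumed safety margin in seconds
        self._token = None
        self._expires_at = 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            headers, body = build_token_request(*self._args)
            resp = self._post(TOKEN_URL, headers, body)
            if resp.get("token_type", "").lower() != "bearer" or "access_token" not in resp:
                raise ValueError("unexpected token response")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"]) - self._skew
        return self._token


if __name__ == "__main__":
    # Constructed response standing in for the token endpoint, so this runs offline.
    fake = lambda url, headers, body: {"access_token": "example-token",
                                       "token_type": "Bearer", "expires_in": 3600}
    cache = TokenCache("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET", ["shop:read"], fake)
    print(cache.get() == cache.get())  # second call is served from the cache
```

In a real client, `post` wraps your HTTP library's POST call over TLS and returns the parsed JSON response.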