Client Credentials Flow

Client credentials flow corresponds to the use case of interacting with your own data with no user interaction.  For this flow, HCSS will provide you with 3 pieces of information:client_id,client_secret, and one or more scopes.  To get a token, make a form-url-encoded POST to the/connect/token endpoint of our Identity API.  Here is an example in cURL:

curl --request POST
    --url ''
    --header 'Content-Type: application/x-www-form-urlencoded'
    --data-urlencode 'grant_type=client_credentials'   
    --data-urlencode 'client_id=YOUR_CLIENT_ID'
    --data-urlencode 'client_secret=YOUR_CLIENT_SECRET'
    --data-urlencode 'scope=YOUR_SCOPES'

Note: if you're using windows, you need to replace single quotes ' with double quotes " for the sample to work.

The client_id andclient_secret will be provided by HCSS.  Thescope parameter is a space-separated string of scopes that HCSS provides as well.  For example, if your application needs read-only data from the Skills API and HeavyJob API, your scope parameter will be'scope=heavyjob:read skills:read'.

If the request was successful, you will receive anaccess_token and can now make an API call!

For a more detailed overview of client credentials flow, check out the docs on auth0.