Request Tokens

Once you have API Credentials, you can request tokens from our Identity API.

In most cases, you will use the Client Credentials Flow. A successful response from our identity server will contain this in the response body:

HTTP/1.1 200 OK

{
  "access_token":"MTQ0NjJkZ",
  "token_type":"bearer",
  "expires_in":3600,
}

In order to make request to our APIs, the data in the token_type and access_token fields should be combined into one field in the Authorization Header of all future requests you make to our servers.

"authorization": "Bearer MTQ0NjJkZ"

🔄

Try requesting an authorization token from our identity server using the Identity POST Get Auth Token endpoint.

Use a client_id and client_secret pair.

The scope string should contain every scope you would like the token to possess. Each scope in the string should be spaced out, the final string should look similar to this: "product:scope1 product2:scope3".

Only add scopes you have granted to the client or your request will be rejected. An admin can edit these scopes at any time using HCSS Credentials.

The grant_type should be "client_credentials" as you are using a client. You can ignore the code and redirect_uri for now.