OAuth 2.0 Client Credential Grant Flow

Private Apps

The Client Credentials Grant authentication method involves a client application, typically used in machine-to-machine integrations, providing its own credentials (such as a client ID and client secret) to authenticate with the authorization server. This flow is commonly used for private or backend integrations, where the application is trusted and does not act on behalf of a specific user. Instead, it accesses resources that are owned or managed by the client itself. This method allows the application to directly obtain an access token without user interaction.

Flow

  1. Request a token using your application's client_id and client_secret
  2. Event Temple validates the client_id and client_secret
  3. Event Temple responds with an access token
  4. The application can use the access token to call the API for resources belonging to the user

Send request for an access token

To obtain an access token, exchange your application's credentials for one by sending a POST request to Event Temple's token URL: https://api.eventtemple.com/oauth/token.

The body of the request contains the following JSON-encoded fields:

client_id: An identifier for your integration, found in the integration settings
client_secret: A secret for your integration, found in the integration settings
grant_type: The string "client_credentials"
scope: Provides a way to limit the amount of access that is granted to an access token.

POST /oauth/token HTTP/1.1
Content-Type: application/json

{
  "grant_type": "client_credentials",
  "client_id": "uVTumYkz_DvMqgPS-YFIzk2DozVg5BoaQVhZSGt4KPs",
  "client_secret": "pQLvHUnyhejIdYbqgo4SkPS__tX4bgp3y-6fjEINfF8",
  "scope": "crm_read crm_manage"
}

Making Requests with Access Token

Once you have obtained an access token using the Client Credentials Grant flow, you can use it to make authenticated requests to the Event Temple API. These requests return resources associated with the authenticated application and organization.

To authenticate a request, include the access token in the Authorization header using the Bearer scheme. Where an endpoint requires it, you must also include the ID of the organization whose data you are accessing.

Access tokens issued through this flow expire after 2 hours. When the token expires, the application must re-authenticate with its client credentials to obtain a new token.

Obtaining an API Org ID

Many API endpoints require you to pass an API Org ID header with your request.

The Org ID header specifies the organization within the chain that the request is made against.

You can find the API Org ID for a specific organization from the Settings > Overview page for that organization. Alternatively, you can use the organizations API to get a list of organizations and their associated API Org ID within the chain.

Here's an example request:

GET https://api.eventtemple.com/v2/bookings HTTP/1.1
Authorization: Bearer <access_token>
X-API-ORG: <api_org_id>
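
The full flow described above, as an added example (not Event Temple's own code): a small client that requests a token, caches it, re-authenticates once the 2-hour lifetime is nearly up, and sends the Bearer and X-API-ORG headers. The class name, the ET_* environment variable names, the one-minute refresh margin, and the RFC 6749 response fields (access_token, expires_in) are assumptions.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://api.eventtemple.com/oauth/token"  # token URL from this page
API_BASE = "https://api.eventtemple.com/v2"            # base of the page's example request
TOKEN_LIFETIME = 2 * 60 * 60  # page: tokens expire after 2 hours
REFRESH_MARGIN = 60           # assumption: renew one minute before expiry

def http_json(method, url, headers, body=None):
    """Default transport: send one HTTPS request and decode the JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

class EventTempleClient:
    """Hypothetical helper: caches the token and re-authenticates on expiry."""
    def __init__(self, client_id, client_secret, scope, org_id=None,
                 transport=http_json, clock=time.monotonic):
        self._creds = {"grant_type": "client_credentials", "client_id": client_id,
                       "client_secret": client_secret, "scope": scope}
        self._org_id, self._send, self._now = org_id, transport, clock
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._now() >= self._expires_at:
            reply = self._send("POST", TOKEN_URL,
                               {"Content-Type": "application/json"}, self._creds)
            # Assumption: the reply uses RFC 6749 field names.
            self._token = reply["access_token"]
            lifetime = reply.get("expires_in", TOKEN_LIFETIME)
            self._expires_at = self._now() + lifetime - REFRESH_MARGIN
        return self._token

    def get(self, path):
        headers = {"Authorization": "Bearer " + self.token()}
        if self._org_id:  # only sent when an organization is configured
            headers["X-API-ORG"] = self._org_id
        return self._send("GET", API_BASE + path, headers)

def client_from_env():
    # Credentials are read from the environment so the secret stays out of
    # source control; the ET_* names are assumptions made for this example.
    return EventTempleClient(os.environ["ET_CLIENT_ID"], os.environ["ET_CLIENT_SECRET"],
                             os.environ.get("ET_SCOPE", "crm_read"),
                             os.environ.get("ET_ORG_ID"))
```

Request only the scopes the integration needs (for instance crm_read alone for a read-only job), and keep the token in memory rather than writing it to logs or disk.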