OAuth 2.0 Client Credential Grant Flow
Private Apps
The Client Credentials Grant authentication method involves a client application, typically used in machine-to-machine integrations, providing its own credentials (such as a client ID and client secret) to authenticate with the authorization server. This flow is commonly used for private or backend integrations, where the application is trusted and does not act on behalf of a specific user. Instead, it accesses resources that are owned or managed by the client itself. This method allows the application to directly obtain an access token without user interaction.
Flow
- Request a token using your application's client_id and client_secret
- Event Temple validates the client_id and client_secret
- Event Temple responds with an access token
- The application can use the access token to call the API for resources belonging to the user
Send request for an access token
To obtain an access token, you need to provide your application's credentials in exchange for an access_token. Send a POST request to Event Temple's token URL: https://api.eventtemple.com/oauth/token.
The body of the request contains the following JSON-encoded fields:
client_id | An identifier for your integration, found in the integration settings |
client_secret | A secret for your integration, found in the integration settings |
grant_type | The string "client_credentials" |
scope | Provides a way to limit the amount of access that is granted to an access token. |
POST /oauth/token HTTP/1.1
Host: api.eventtemple.com
Content-Type: application/json

{
  "grant_type": "client_credentials",
  "client_id": "uVTumYkz_DvMqgPS-YFIzk2DozVg5BoaQVhZSGt4KPs",
  "client_secret": "pQLvHUnyhejIdYbqgo4SkPS__tX4bgp3y-6fjEINfF8",
  "scope": "crm_read crm_manage"
}
Making Requests with Access Token
Once you have obtained an access token using the Client Credentials Grant flow, you can use it to make authenticated requests to the Event Temple API. These requests return resources associated with the authenticated application and organization.
To authenticate a request, include the access token in the Authorization header using the Bearer scheme. You may also need to include the ID of the organization whose data you are accessing.
Access tokens issued through this flow expire after 2 hours. When the token expires, the application must re-authenticate with its client credentials to obtain a new token.
Obtaining an API Org ID
Many API endpoints require you to pass an API Org ID header with your request.
The Org ID header specifies the organization within the chain that the request is made against.
You can find the API Org ID for a specific organization from the Settings > Overview page for that organization. Alternatively, you can use the organizations API to get a list of organizations and their associated API Org ID within the chain.
Here's an example request:
GET https://api.eventtemple.com/v2/bookings HTTP/1.1
Authorization: Bearer <access_token>
X-API-ORG: <api_org_id>
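An added example, not Event Temple's own code: a small Python client for the flow above that reads the client secret from the environment instead of source code, caches the token, and re-authenticates shortly before the 2-hour expiry. The `ET_*` environment variable names and the `access_token` / `expires_in` response fields (the standard RFC 6749 names) are assumptions, since the page does not show the token response.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://api.eventtemple.com/oauth/token"
DEFAULT_TTL = 2 * 60 * 60  # per the page: tokens expire after 2 hours


def http_post_json(url, payload):
    """Default transport: POST a JSON body over HTTPS, decode the JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one client-credentials token and renews it before it expires."""

    def __init__(self, client_id, client_secret, scope,
                 post=http_post_json, clock=time.monotonic, skew=60):
        self._body = {"grant_type": "client_credentials", "scope": scope,
                      "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        # Hit the token URL only when nothing is cached or expiry is within `skew` s.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._post(TOKEN_URL, self._body)
            self._token = reply["access_token"]  # assumed RFC 6749 field name
            ttl = int(reply.get("expires_in", DEFAULT_TTL))  # assumed field
            self._expires_at = self._clock() + ttl
        return self._token

    def headers(self, api_org_id=None):
        """Request headers; X-API-ORG is added only when an org ID is given."""
        h = {"Authorization": f"Bearer {self.token()}"}
        if api_org_id:
            h["X-API-ORG"] = api_org_id
        return h


def from_env(**kwargs):
    """Build a cache from hypothetical ET_* variables; request only needed scopes."""
    return TokenCache(os.environ["ET_CLIENT_ID"], os.environ["ET_CLIENT_SECRET"],
                      os.environ.get("ET_SCOPE", "crm_read"), **kwargs)
```

Pass the result of `headers(api_org_id)` to whatever HTTP client makes the API call; the `post` and `clock` parameters exist so the renewal logic can be exercised without network access.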