Talk to our experts

Talk to an expert

OAuth2 Token Endpoint
(Client Credentials)

Jump to:

Request details
Authorization construction
Potential error responses

This endpoint is used to obtain an Access Token using the Client Credentials Grant flow. This flow is typically used for machine-to-machine (M2M) communication where a specific user’s consent is not required, and the client application is acting on its own behalf.

The request targets the OpenID Connect token endpoint for the dx realm.

Request details

Method: POST

URL: https://test.auth.gtt.services/realms/dx/protocol/openid-connect/token

Headers

Header	Value	Description
`Content-Type`	`application/x-www-form-urlencoded`	Required. Specifies the media type of the resource.
`Authorization`	`Basic <TOKEN>`	Required. Contains the Base64 encoded credentials. See “Authorization Construction” below.

Body parameters (x-www-form-urlencoded)

Parameter	Type	Value	Description
`grant_type`	String	`client_credentials`	Required. Defines the OAuth2 flow being used. For server-to-server authentication, this must be set to `client_credentials`.

Authorization construction

The Authorization header uses the Basic schema. The <TOKEN> placeholder in the curl command represents a Base64 encoded string of your Client ID and Client Secret joined by a colon.

Combine your credentials: client_id:client_secret
Base64 encode the resulting string.
Prepend Basic (with a space) to the encoded string.

Example: If Client ID is app1 and Secret isxyz123:

String: app1:xyz123
Base64: YXBwMTp4eXoxMjM=
Final Header: Authorization: Basic YXBwMTp4eXoxMjM=

Example request

curl --location --request POST 'https://test.auth.gtt.services/realms/dx/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic YXBwMTp4eXoxMjM=' \
--data-urlencode 'grant_type=client_credentials'

Example response (success)

Status: 200 OK

{
    "access_token": "eyJhbGciOiJSUz...",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "token_type": "Bearer",
    "not-before-policy": 0,
    "scope": "email profile"
}

Potential error responses

Status	Error	Description
400	`Bad Request`	Missing `grant_type` or invalid parameters.
401	`Unauthorized`	Invalid Client ID or Client Secret in the Authorization header.