All Categories
Technical Documentation
OIDC Client Credential Flow

OIDC Client Credential Flow

Last updated on January 30, 2025

Use this flow, when you need to make API calls with all access rights.

The generation of the access token requires the client secret information. It must be done from a secure backend to not expose confidential secrets.

How it works

Notion image

Example

Token Request

Directly request an access token.

curl -X 'POST' \\
  '<https://demo.unidy.de/oauth/token>' \\
  -H 'accept: application/json' \\
  -H 'Content-Type: application/json' \\
  -d '{
  "client_id": "ileuI8NDtt1WXEdp6xzekX7o7Sjp-m0lnQbWetmR4iQ",
  "client_secret": "<CLIENT_SECRET>",
  "grant_type": "client_credentials",
  "scope": "admin:read admin:write"
}'

The response from the server has the following JSON format

{
  "access_token":"<ACCESS_TOKEN>",
  "token_type":"Bearer",
  "expires_in":7200,
  "scope":"tickets:read tickets:write",
  "created_at":1234567890
}
Did this answer your question?
😞
😐
🤩
Using Unidy REST API OIDC Refresh Token