Use this flow when you need to make API calls with all access rights.
Generating the access token requires the client secret, so the request must be made from a secure backend where the secret is never exposed to clients.
How it works
Example
Token Request
Directly request an access token.
curl -X 'POST' \
  'https://demo.unidy.de/oauth/token' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "ileuI8NDtt1WXEdp6xzekX7o7Sjp-m0lnQbWetmR4iQ",
    "client_secret": "<CLIENT_SECRET>",
    "grant_type": "client_credentials",
    "scope": "admin:read admin:write"
  }'
The response from the server has the following JSON format:
{
  "access_token": "<ACCESS_TOKEN>",
  "token_type": "Bearer",
  "expires_in": 7200,
  "scope": "tickets:read tickets:write",
  "created_at": 1234567890
}
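Backend usage sketch (an added example, not code from the Unidy documentation): a small in-memory cache that performs the token request above, reuses the token for its expires_in lifetime and renews it shortly before expiry, with the secret read from the server's environment. The class name TokenCache, the environment variable names UNIDY_CLIENT_ID and UNIDY_CLIENT_SECRET, and the 60-second renewal margin are assumptions made for this example.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://demo.unidy.de/oauth/token"  # endpoint from the request above


def http_post_json(url, payload):
    """Default transport: POST a JSON body and return the decoded JSON reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        headers={"accept": "application/json", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one client-credentials token in memory and renews it before expiry."""

    def __init__(self, client_id, client_secret, scope, post=http_post_json,
                 now=time.time, skew=60):
        self._body = {"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "client_credentials", "scope": scope}
        self._post, self._now, self._skew = post, now, skew
        self._token, self._expires_at = None, 0.0
        self.scope = ""  # scope string the server actually granted

    def get(self):
        if self._token is None or self._now() >= self._expires_at - self._skew:
            asked_at = self._now()
            reply = self._post(TOKEN_URL, self._body)
            if reply.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = reply["access_token"]
            self.scope = reply.get("scope", "")
            # Counting expires_in from before the request gives a conservative bound.
            self._expires_at = asked_at + reply["expires_in"]
        return self._token


def cache_from_env():
    # Assumed variable names; the secret stays in the backend's environment.
    return TokenCache(os.environ["UNIDY_CLIENT_ID"], os.environ["UNIDY_CLIENT_SECRET"],
                      "admin:read admin:write")
```

The granted scope is kept on the scope attribute so the caller can compare it with what was requested before making API calls.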