Authenticating via the client credentials method
Use Case
The client credentials method is strictly limited to server-to-server calls.
Authentication Steps
The client_credentials method allows access without requiring approval from an end user. This access is generic and non-personalized. Since there is no validation of a username and password combination, this method is limited to cases where the third party (your application) can securely store the application's registration data.
Here are the general steps:
- Step 1: Provide the application's registration information.
- Step 2: Receive an access token.
Step 1: Provide the application's credentials
Make a POST request to https://{api_base_url}/{client_token}/oauth/v2/token with the following parameters:
Parameter | Location | Description |
---|---|---|
api_base_url | Query | The API URL you want to use. It varies depending on integration and production environments. |
client_token | Query | Each club chain has a Resamania identifier called client_token. |
grant_type | Body | The method name, which should be set to client_credentials. |
client_id | Body | Each registered application has an identifier with the OAuth server called client_id. |
client_secret | Body | Each registered application has a secret string with the OAuth server called client_secret. |
Example Request
```bash
curl --location 'https://{api_base_url}/{client_token}/oauth/v2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=123_xxxxxxxxxxxxxxxxx' \
  --data-urlencode 'client_secret=******************' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'refresh_token=N2E2YzcwYWYxN...'
```
Step 2: Receive the access token
The OAuth server API responds with the following information:
```json5
{
  "access_token":"{access_token}",
  "expires_in":{expires_in},
  "token_type":"bearer",
  "scope":{scope},
  "refresh_token":"{refresh_token}"
}
```
Parameter | Description |
---|---|
access_token | The JWT token required for any request to the Resamania API. |
expires_in | The validity duration of the access token in seconds. |
token_type | The type of access token, which for Resamania is always Bearer. |
scope | The specific scope(s) associated with the access token. |
refresh_token | The new access renewal token. |
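
The two steps above as a server-side client, added here as an example and not taken from the Resamania documentation or SDK: it reads the application's credentials from the environment instead of source code or the command line, and reuses the access token until shortly before expires_in runs out. The TokenCache class, the RESAMANIA_CLIENT_ID and RESAMANIA_CLIENT_SECRET variable names, the 30-second margin and sending the token in an Authorization header are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request


def http_post_form(url, fields):
    """Default transport: POST the fields as application/x-www-form-urlencoded."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class TokenCache:
    """Fetches a client_credentials token and reuses it until near expiry."""

    def __init__(self, api_base_url, client_token, post=http_post_form,
                 clock=time.monotonic, margin=30):
        self.url = f"https://{api_base_url}/{client_token}/oauth/v2/token"
        self.post, self.clock, self.margin = post, clock, margin
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token and self.clock() < self._expires_at:
            return self._token  # still valid: no new request, no secret sent
        # Assumed variable names; the secret never appears in code or argv.
        reply = self.post(self.url, {
            "grant_type": "client_credentials",
            "client_id": os.environ["RESAMANIA_CLIENT_ID"],
            "client_secret": os.environ["RESAMANIA_CLIENT_SECRET"],
        })
        if str(reply.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type in token response")
        if not reply.get("access_token"):
            raise ValueError("no access_token in token response")
        self._token = reply["access_token"]
        # Renew `margin` seconds early so a token never expires mid-request.
        lifetime = max(0, int(reply["expires_in"]) - self.margin)
        self._expires_at = self.clock() + lifetime
        return self._token

    def auth_header(self):
        # Assumption: the bearer token is sent in the Authorization header.
        return {"Authorization": f"Bearer {self.get()}"}
```
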