Switch Developer Documentation
  • Welcome
  • ⚠️Migration to Auth0
    • Overview
    • Status
    • Switch API
      • Client Credentials Flow
      • Organization Client
      • Token Endpoint
    • OpenADR 3 VTN API
      • VTN Credentials
      • Token Endpoint
  • Getting Started
    • Concepts
    • Guides
      • How to send readings
      • Market operations
      • Conditional agreements
    • Support
  • Switch API
    • Overview
    • Terms of Use
    • Authentication
      • Client Credentials Flow
      • Organization Client
      • Token Endpoint
    • Rate Limiting
    • Errors
    • API Reference
      • Market Zones
      • Products
      • Resources
      • Meters
      • Readings
  • OpenADR 3
    • Overview
    • Authentication
      • VTN Credentials
      • Token Endpoint
    • API Reference
      • Programs
      • Events
      • Reports
      • Subscriptions
      • Vens
    • Webhooks
      • Callback URL verification
      • Domain and IP addresses
      • Best practices
    • Payloads
    • Code samples
  • Libraries
    • .NET SDK
      • SDK Reference
        • IAuthService.Auth
        • IProgramsService.Programs
        • IEventsService.Events
        • IReportsService.Reports
        • ISubscriptionsService.Subscriptions
        • IVensService.Vens
Powered by GitBook
On this page
  • How it works
  • Parameters
  • Request
  • Response

Was this helpful?

  1. Switch API
  2. Authentication

Client Credentials Flow

The Client Credentials Flow is used for external clients to fetch an access token to use with the Switch API.

PreviousAuthenticationNextOrganization Client

Last updated 10 months ago

Was this helpful?

The Client Credentials Flow (as defined in ) involves an application exchanging its application credentials, such as and , for an access token.

This flow is best suited for Machine-to-Machine (M2M) applications, such as CLIs, daemons, or backend services, because the system must authenticate and authorize the application instead of a user.

How it works

  1. Client application sends application's credentials to the Authorization Server.

  2. The Authorization Server validates application's credentials.

  3. The Authorization Server responds with an access token.

  4. The client application can use the access token to call the API on behalf of itself.

  5. The API responds with requested data.

Parameters

Following are the request parameters needed when making the fetch access token call to the authorization server.

Parameter Name
Description

grant_type (required)

Must be set to client_credentials.

scope (required)

The scope for the token, which is in fact the API.

client_id (required)

The client application ID.

client_secret (required)

The client application secret.

Request

The following is an example authorization code grant request the Authorization Server would receive.

POST /token HTTP/1.1
Host: authorization-server.com
 
grant_type=client_credentials
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx
&scope=api_scope

Response

If all goes well, you'll receive an HTTP 200 response with a payload containing access_token, token_type, and expires_in values:

{
  "access_token":"eyJz93a...k4laUWw",
  "token_type":"Bearer",
  "expires_in":86400
}

The returned access token from the Switchmarket Authorization Server will be valid for 1 hour only. After that you need to generate new one in order to be able to access the Switchmarket API.

The Client Credentials flow is used by the platform whose secrets can be managed by the organization administrators.

organization clients
OAuth 2.0 RFC 6749