Client Credentials Grant Tokens

The client credentials grant is suitable for machine-to-machine authentication.

Retrieve token

To retrieve a token using this grant type, make a request to the oauth/token endpoint:

$guzzle = new GuzzleHttp\Client;

$response = $guzzle->post('https://{your-hash}', [
    'form_params' => [
        'grant_type' => 'client_credentials',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret'

return json_decode((string) $response->getBody(), true)['access_token'];

Passing the access token

When calling routes that are private, your application should specify your access token as a Bearer token in the Authorization header of their request. For example, when using the Guzzle HTTP library:

$response = $client->request('GET', '/api/products', [
    'headers' => [
        'Accept' => 'application/json',
        'Authorization' => 'Bearer '.$accessToken,