The Client Credentials grant type is typically used for server-to-server API operations. In this scenario, you are not acting as a Smokeball user but a type of “service” that can perform operations on an Account level.

Request an Access Token

Make a POST request to https://auth.smokeball.com/oauth2/token with the following parameters and headers:

  curl --request POST 'https://auth.smokeball.com/oauth2/token' \
    --header 'Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'client_id=xxxx'
Authorization
string
required

Basic Authentication header containing the client_id and client_secret (base64-encoded).

Format: Basic base64(client_id:client_secret).

Example: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=

Content-Type
string
required

Must be set to application/x-www-form-urlencoded. Ensures the request body is properly encoded.

grant_type
string
required

Must be set to client_credentials for this OAuth2 flow.

Indicates the request is for client credentials grant.

client_id
string
required

The client identifier that has been issued.

Used to authenticate the client making the request.

The Authorization header must be the string “Basic” followed by your client_id and client_secret with a colon : in between, Base64 Encoded. For example, client_id:client_secret is Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=

Sample Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "access_token": "dmcxd329ujdmkemkd349r...",
    "expires_in": 3600,
    "token_type": "Bearer"
}

See AWS Cognito Token Endpoint Documentation for more information

See Making Requests - Server-to-Server requests for details on using Client Credentials.