> ## Documentation Index
> Fetch the complete documentation index at: https://docs.smokeball.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Client Credentials Grant

> Use the Client Credentials Grant to authenticate and authorize server-to-server operations

The **Client Credentials** grant type is typically used for server-to-server API operations. In this scenario, you are not acting as a Smokeball user but a type of "service" that can perform operations on an Account level.

## Request an Access Token

Make a POST request to `https://auth.smokeball.com/oauth2/token` with the following parameters and headers:

<CodeGroup>
  ```bash curl theme={"dark"}
    curl --request POST 'https://auth.smokeball.com/oauth2/token' \
      --header 'Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'grant_type=client_credentials' \
      --data-urlencode 'client_id=xxxx'
  ```

  ```json http theme={"dark"}
  {
    "method": "POST",
    "url": "https://auth.smokeball.com/oauth2/token",
    "headers": {
      "Authorization": "Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=",
      "Content-Type": "application/x-www-form-urlencoded"
    },
    "body": {
      "grant_type": "client_credentials",
      "client_id": "xxxx"
    }
  }
  ```
</CodeGroup>

<ParamField path="Authorization" type="string" required="true">
  Basic Authentication header containing the `client_id` and `client_secret` (base64-encoded).

  Format: `Basic base64(client_id:client_secret)`.

  Example: `Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=`
</ParamField>

<ParamField path="Content-Type" type="string" required="true">
  Must be set to `application/x-www-form-urlencoded`.
  Ensures the request body is properly encoded.
</ParamField>

<ParamField path="grant_type" type="string" required="true">
  Must be set to `client_credentials` for this OAuth 2.0 flow.

  Indicates the request is for client credentials grant.
</ParamField>

<ParamField path="client_id" type="string" required="true">
  The client identifier that has been issued.

  Used to authenticate the client making the request.
</ParamField>

> The **Authorization** header must be the string "Basic" followed by your client\_id and client\_secret with a colon : in between, Base64 Encoded. For example, client\_id:client\_secret is Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=

**Sample Response**

```json theme={"dark"}
HTTP/1.1 200 OK
Content-Type: application/json

{
    "access_token": "dmcxd329ujdmkemkd349r...",
    "expires_in": 3600,
    "token_type": "Bearer"
}
```

> See [AWS Cognito Token Endpoint Documentation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html) for more information

> See [Making Requests - Server-to-Server requests](/docs/api-docs/voyymdyjn5yp3-making-requests#server-to-server-requests) for details on using Client Credentials.
