# OAuth2 Client Credentials Grant Type(server token)

The client credentials grant flow is meant only for server-to-server API requests that use an app access token.

To get an access token, send an HTTP POST request to `https://pulsoid.net/oauth2/token`. Set the following `x-www-form-urlencoded` parameters as appropriate for your app.

<table><thead><tr><th width="177.33333333333331">Name</th><th width="143">Type</th><th>Description</th></tr></thead><tbody><tr><td>grant_type</td><td>string</td><td>Must be set to client_credentials</td></tr></tbody></table>

There should be an Authorization header with base64 encoded client\_id:client\_secret. For example: for\
`client_id=c0403af6-998a-4b22-b08b-cc7329bbdc03` and\
`client_secret=b2729cb2-a34a-4641-aa92-b66b2d27eabd`\
there should be a header

```
Authorization: Basic YzA0MDNhZjYtOTk4YS00YjIyLWIwOGItY2M3MzI5YmJkYzAzOmIyNzI5Y2IyLWEzNGEtNDY0MS1hYTkyLWI2NmIyZDI3ZWFiZA==
```

#### Curl request example

```sh
curl --request POST \
  --url https://pulsoid.net/oauth2/token \
  --header 'Authorization: Basic YzA0MDNhZjYtOTk4YS00YjIyLWIwOGItY2M3MzI5YmJkYzAzOmIyNzI5Y2IyLWEzNGEtNDY0MS1hYTkyLWI2NmIyZDI3ZWFiZA==' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data scope=profile:create
```

#### Curl response example

If the request succeeds, it returns an access token.

```json
{
  "access_token": "4edb0b67-79f9-49ef-ab8f-afb05f24c4d1",
  "expires_in": 5011271,
  "token_type": "bearer"
}
```