OAuth access token

Your application needs an OAuth access token to call the target API. The access token verifies that your application is authorized to access the requested resource. Use the client ID and client secret to exchange an access token at the token endpoint.

Prerequisites

Request a client ID and client secret for your API client from your administrator. See Managing API clients.

About this task

The following variables are used in this demo. Replace these variables in the cURL commands with the actual values that you receive from your requests.

Table 1. Variables and example values
Variables	Description	Example values
`{{client_id}}`	Generated when the administrator adds your API client in the Verify administration console.	`DqfW5GrLdS`
`{{client_secret}}`	Generated when the administrator adds your API client in the Verify administration console.	`3gepMWZUdk`
`{{tenant}}`	The fully qualified domain name that is assigned to your Verify subscription. It consists of `<hostname>`.verify.ibm.com.	`companyAppTest.verify.ibm.com`
`{{access_token}}`	Returned as a result when you exchange the `{{client_id}}` and `{{client_secret}}` that is assigned to your API client.	`wj0LQ4tPUDTz5LIleVLQkgUc1punUKUfFnBmWy1p`

Get an access token

Use the following cURL command to achieve the access token exchange:

curl -d "grant_type=client_credentials&client_id={{client_id}}&client_secret={{client_secret}}&scope=openid" -H "Content-type: application/x-www-form-urlencoded" -H "Accept: application/json" https://{{tenant}}/v1.0/endpoint/default/token

For example:

curl -d "grant_type=client_credentials&client_id=DqfW5GrLdS&client_secret=3gepMWZUdk&scope=openid" -H "Content-type: application/x-www-form-urlencoded" -H "Accept: application/json" https://companyAppTest.verify.ibm.com/v1.0/endpoint/default/token

Example output response:

{
    "access_token": "wj0LQ4tPUDTz5LIleVLQkgUc1punUKUfFnBmWy1p",
    "expires_in": 7199,
    "scope": "openid",
    "token_type": "Bearer"
}

Use the access token value as the authorization header bearer for your subsequent API calls.

Note: The access token is valid for a limited time (7199 seconds). If your access token expires, repeat this request.