Client Credentials Flow for Partners
In the section Requesting an ACCESS_TOKEN below, you will find a step-by-step guide with examples of how to get a temporary token and access the API. Frequently Asked Questions about this process are answered in the FAQ section below.
Requesting an ACCESS_TOKEN
ACCESS_TOKEN
Watch out for the environment URL
When youβre ready to release your integration, replace the domain with
https://gateway.remote.com
. You can find the API documentation for the/auth/oauth2/token
endpoint here.
To request an ACCESS_TOKEN
, you need to send a POST
request to our Authorization Servers according to the following items:
- Send a
POST
request tohttps://gateway.remote-sandbox.com/auth/oauth2/token
- Include the authorization header with basic authentication encoded with Base64:
- Generate the Base64 with both credentials separated by a colon (:) as shown here β
<client_id>:<client_secret>
- Use the header
Authorization: Basic <client_id_and_client_secret_encoded_in_base64>
- Generate the Base64 with both credentials separated by a colon (:) as shown here β
- Include the
Content-Type: application/x-www-form-urlencoded
header in the request - In the payload, you need to fill the grant type:
grant_type
filled withclient_credentials
β it's a constant value
Assuming your CLIENT_ID=your_client_id
and CLIENT_SECRET=your_client_secret
, an example of what your request should look like is shown below.
$ echo -n "your_client_id:your_client_secret" | base64
eW91cl9jbGllbnRfaWQ6eW91cl9jbGllbnRfc2VjcmV0
$ curl --location \
--request POST 'https://gateway.remote-sandbox.com/auth/oauth2/token' \
--header 'Authorization: Basic eW91cl9jbGllbnRfaWQ6eW91cl9jbGllbnRfc2VjcmV0' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials'
The response to this request should look like the following JSON:
{
"access_token": "eyJraWQiOiIrRHF3Y1A4TU80bEMrN1NxSVQxSVcHHL6LLZH0o_xWvoUG...",
"expires_in": 3600,
"token_type":"Bearer"
}
This means that the access_token
of the type Bearer
will expire in 3600
seconds after the time of the request.
Watch out for the token!
The access token will be valid for 3600 seconds (one hour), so we recommend that the caller fetch a new access token before the current one expires (e.g. every 55 minutes). Please note that there is no limit to the number of access tokens that can be used at the same time.
Using the ACCESS_TOKEN
ACCESS_TOKEN
You can use the ACCESS_TOKEN
to make requests described in our API Reference documentation. All you need to do is include the ACCESS_TOKEN
in the Authorization
header as shown in the example below:
$ curl --location \
--request GET 'https://gateway.remote.com/eor/v1/companies' \
--header 'Authorization: Bearer eyJraWQiOiIrRHF3Y1A4TU80bEMrN1NxSVQxSVcHHL6LLZH0o_xWvoUG...'
FAQ
I don't have my CLIENT_ID
or CLIENT_SECRET
credentials. What should I do?
Learn how to get your credentials in the Getting Started page.
Can I use my ACCESS_TOKEN
more than once?
Yes. You can use your ACCESS_TOKEN
as many times you want. Access is valid for 3600 seconds (one hour).
How can I know when the ACCESS_TOKEN
will expire?
The authorization server returns the key expires_in
together with the access token. So you can easily calculate the expiration time based on the time the request was performed.
Do I need to wait for my ACCESS_TOKEN
to expire before requesting a new one?
No. You can request as many tokens as you need. However, it's important to note that caching the token may save extra requests and reduce response times.
Updated 18 days ago