This documentation is for WSO2 API Manager 1.10.0 View documentation for the latest release.
Generating Access Tokens with Credentials - Client Credentials Grant Type - API Manager 1.10.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

Client credentials can be used when the authorization scope is limited to the protected resources belonging to the client. Client credentials are used as an authorization grant when the client requests access to protected resources based on an authorization previously arranged with the authorization server. The client application requests an access token from the authorization server, authenticating the request with its client key and client secret. If the client is successfully authenticated, an access token is returned.

Invoking the Token API to generate the tokens

  1. Obtain a valid consumer key and consumer secret pair. Initially, you generate these keys through the API Store by clicking Generate Keys in the Production Keys tab of the application.
  2. Combine the consumer key and consumer secret key in the format consumer-key:consumer-secret and encode the combined string using base64 (
  3. Use the following sample cuRL command to obtain the access token.

    curl -k -d "grant_type=client_credentials" -H "Authorization: Basic <Base64 encoded client_key:client_secret>, Content-Type: application/x-www-form-urlencoded" https://localhost:port/token

    You receive a response similar to the following:

  • No labels