Client-Credentials Grant

The Client Credentials Grant is appropriate for Clients that do not need to interact with Users.

If you need Users, User data, or to perform actions on behalf of a User, then Client-Credentials Grant is not for you. Instead, try either Code Grant or Implicit Grant, depending on the type and implementation of your Application.

Request Token

Make a request to the MediaHound security services with the Application's client_id and client_secret:

curl -X POST -vu {client_id}:{client_secret} -H "Accept: application/json" -d "grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}"

Request Parameters

client_id: The Application's Client ID.
client_secret: The Application's Client Secret.
grant_type: Value should be client_credentials since you are in the Client-Credentials Grant flow.

Basic Authorization Header

This request requires an Authorization header with Basic authentication. Several command line tools do this automatically, as can be seen in the example above. For those unfamiliar with this, it means that the client_id and client_secret are joined with a colon ( : ) between them and the result is Base64 encoded. That value is then placed after "Basic ", and the entire string is the value of the Authorization header. For example, if your client_id were "MyClientId" and your client_secret were "MyClientSecret", then the Base64 encoded header would look like this:

Authorization: Basic TXlDbGllbnRJZDpNeUNsaWVudFNlY3JldA==


{
  "access_token" : String,
  "token_type" : "bearer",
  "expires_in" : Long,
  "scope" : String
}

Response Parameters

access_token: The actual token to use on subsequent requests.
token_type: Value would be "bearer" since the token being returned is to be used as a Bearer Token.
expires_in: Number of seconds until the token expires.
scope: All the default scopes that the Application is allowed to request.

Details about how to use the access_token can be found here.

Refresh Token

Once the access_token has expired, simply request a new one.
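
The token request, the Basic Authorization header and the "request a new one" renewal described on this page, put together as an added Python example (not MediaHound's own code). The token URL is supplied by the caller because this page does not give it; TokenCache, the injectable send and clock hooks, the HTTPS check and the 30-second renewal margin are assumptions made for illustration.

```python
import base64, json, time
import urllib.parse, urllib.request

def basic_auth_header(client_id, client_secret):
    # client_id and client_secret joined with ":" and Base64 encoded, after "Basic ".
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def build_token_request(token_url, client_id, client_secret):
    # Base64 is an encoding, not encryption: refuse to put the secret on a non-TLS URL.
    if not token_url.lower().startswith("https://"):
        raise ValueError("token endpoint must use https")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(token_url, data=body, method="POST", headers={
        "Authorization": basic_auth_header(client_id, client_secret),
        "Accept": "application/json",
    })

def http_send(request):
    # Default transport: send the request and decode the JSON body.
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Keeps the token in memory and requests a new one once it has expired."""
    def __init__(self, token_url, client_id, client_secret,
                 send=http_send, clock=time.monotonic, skew=30):
        self._args = (token_url, client_id, client_secret)
        self._send, self._clock, self._skew = send, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._send(build_token_request(*self._args))
            if str(resp.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token_type")
            # expires_in is seconds from now; renew `skew` seconds early (assumed margin).
            self._expires_at = self._clock() + int(resp["expires_in"]) - self._skew
            self._token = resp["access_token"]
        return self._token
```

Keeping the token only in memory and passing the secret in from the caller keeps both out of files and logs that this code would otherwise have to protect.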