--- title: Token Admin App (client_credentials) description: The token endpoint is used by the client to obtain an access token by presenting its authorization grant using Basic Auth. Note that authentication requirements to this endpoint are configured by the application's tokenEndpointAuthMethod property. Refer to Applications settings OIDC data model for more information about this property. component: pingone-api page_id: pingone-api:auth:openid-connect-oauth-2/token-admin-app-client_credentials canonical_url: https://developer.pingidentity.com/pingone-api/auth/openid-connect-oauth-2/token-admin-app-client_credentials.html section_ids: prerequisite: Prerequisite headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Token Admin App (client\_credentials) ## ```none POST {{authPath}}/{{envID}}/as/token ``` The token endpoint is used by the client to obtain an access token by presenting its authorization grant using Basic Auth. Note that authentication requirements to this endpoint are configured by the application's `tokenEndpointAuthMethod` property. Refer to [Applications settings OIDC data model](../../platform/applications/applications-1.html#applications-oidc-settings-data-model) for more information about this property. The `scopes` property can be optional or required based on the following conditions: * If the `scope` property is omitted, and the application is assigned scopes from one custom resource, all custom resource scopes assigned to the application are granted to the access token. * If the `scope` property is provided, only the custom resource scopes assigned to the application and listed as values in the `scope` property are granted to the access token. All other scopes assigned to the application are ignored. * If the `scope` property is provided, only the scopes from one custom resource can be requested. * If the `scope` property is provided, and the application is assigned scopes from one custom resource, PingOne API and openid scopes are not applicable. Refer also to [Token (POST client\_credentials) (CLIENT\_SECRET\_POST)](token-client_credentials-client-secret-post.html). ### Prerequisite * Refer to [OpenID Connect/OAuth 2](../openid-connect-oauth-2.html) and [Token](token-intro.html) for important overview information. > **Collapse: Request Model** > > | Property | Type | Required? | > | ------------ | ------ | --------- | > | `grant_type` | String | Required | > | `scope` | String | Optional | > > Refer to the [OpenID Connect/OAuth2 data model](../openid-connect-oauth-2.html) for full property descriptions. ### Headers Authorization Content-Type      application/x-www-form-urlencoded ### Body urlencoded ( application/x-www-form-urlencoded ) | Key | Value | | ----------- | ------------------- | | grant\_type | client\_credentials | ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{authPath}}/{{envID}}/as/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19' \ --data-urlencode 'grant_type=client_credentials' ``` ```csharp var options = new RestClientOptions("{{authPath}}/{{envID}}/as/token") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); request.AddHeader("Authorization", "Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19"); request.AddParameter("grant_type", "client_credentials"); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{authPath}}/{{envID}}/as/token" method := "POST" payload := strings.NewReader("grant_type=client_credentials") client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/x-www-form-urlencoded") req.Header.Add("Authorization", "Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /{{envID}}/as/token HTTP/1.1 Host: {{authPath}} Content-Type: application/x-www-form-urlencoded Authorization: Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19 grant_type=client_credentials ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded"); RequestBody body = RequestBody.create(mediaType, "grant_type=client_credentials"); Request request = new Request.Builder() .url("{{authPath}}/{{envID}}/as/token") .method("POST", body) .addHeader("Content-Type", "application/x-www-form-urlencoded") .addHeader("Authorization", "Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{authPath}}/{{envID}}/as/token", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/x-www-form-urlencoded", "Authorization": "Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19" }, "data": { "grant_type": "client_credentials" } }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{authPath}}/{{envID}}/as/token', 'headers': { 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19' }, form: { 'grant_type': 'client_credentials' } }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests url = "{{authPath}}/{{envID}}/as/token" payload = 'grant_type=client_credentials' headers = { 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{authPath}}/{{envID}}/as/token'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/x-www-form-urlencoded', 'Authorization' => 'Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19' )); $request->addPostParameter(array( 'grant_type' => 'client_credentials' )); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "net/http" url = URI("{{authPath}}/{{envID}}/as/token") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/x-www-form-urlencoded" request["Authorization"] = "Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19" request.body = "grant_type=client_credentials" response = http.request(request) puts response.read_body ``` ```swift let parameters = "grant_type=client_credentials" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/token")!,timeoutInterval: Double.infinity) request.addValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type") request.addValue("Basic e3thZG1pbkFwcElEfX06e3thZG1pbkFwcFNlY3JldH19", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 200 OK ```json { "access_token": "eyJhbGciOiJSUz...", "token_type": "Bearer", "expires_in": 3600 } ```