Home
Guides
Start typing to search…

Obtaining a client credentials access token

The client_credentials grant supports three use cases. You can request tokens that are:

  1. Scoped to a specific action: For example, you can issue a token that has permission only to read:transactions across all your users.
  2. Scoped to a specific user(customer): You could create a token that grants full API access but only for a single user.
  3. Scoped to both a user and an action: This is the most restrictive scope. For instance, you could request a token that is only permitted to get spending analysis for a single, specified user, or the deletion of a single user's data.
📘

Access tokens issued through the client_credentials grant expire after 7200 seconds (2 hours). To maintain secure access, ensure your application handles token expiration properly.

To get a client credentials token, you'll need to call our /token end point - see our authentication documentation for how to authenticate against this end point - and pass in the following body, along with any authentication fields specified in the authentication document:

FieldTypeDescription
grant_typestringWill always be client_credentials for this instance
scopestringThe scopes you wish to request for the access token
substringThis parameter is the subject of the access token(the user).

Example of a client_credentials grant for data access

curl --location --request POST 'https://identity.moneyhub.co.uk/oidc/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'scope=user:create' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6InRaSUpteEZfbjhfb0JaVS1WQmpmWVFpdVl4ZDU0UnhDVnk0OUVsMF9NNG8ifQ.eyJzdWIiOiJlODY5Y2UxNC03ZTA1LTQxMGItYWI3NC04NDRiMTVhNTZhMjciLCJhdWQiOiJodHRwczovL2lkZW50aXR5Lm1vbmV5aHViLmNvLnVrL29pZGMiLCJpc3MiOiJlODY5Y2UxNC03ZTA1LTQxMGItYWI3NC04NDRiMTVhNTZhMjciLCJqdGkiOiJDai05M1dKRW1TckY3WWMwTl9ucDMwLXRFeGY0RDBZS2RhNTNnNTFjVTF3IiwiaWF0IjoxNzA3OTk4NjczLCJleHAiOjE3MDc5OTkyNzN9.WPVfwX154hG6PKkwEHcbCvouH05CsC9nF_ZhMSURWYDRZ0e_oBImMBB-BmK0moN8N_FsEX2m858Z1q10_UfWUwAhsK6KTGYR8wENfNUi-5iPGOenm8dEn6gO0lud6VpRPgsTEO2aO4cM9S8KJVVYCSpm-njHSPDjDw4G1TBwxoHRAgMW-pDSOjLyoHfx_peUN26EcyqQJ1ALOYn6GBk7laMBVIYOdn883dzn1hSg3eprMUQe3MbBkJ1sxL1AMQejI5w547JSzLvyJgYDR_4n40-ZU-lwazNBZmi9mETteKv4-k4iUDANl8SMuvORkTKsyZcnx1bxQFhutT5YUthEZA'

Updated about 2 months ago