# OAuth2.0 - Client Credentials Grant

The client credentials grant flow is primarily used by applications to authenticate as themselves, rather than as a user. Here’s how you can achieve this:

1. **Register Your Application:** Before you can request an access token, ensure that you have registered your application, assigned the necessary permissions and obtained the necessary credentials such as a client ID and client secret.
2. **Request an Access Token:** To obtain an access token, send an HTTP POST request to the appropriate token endpoint for your region. Include the necessary credentials (client ID and secret) in your request. The audience value is `https://jga.jylo.ai/external/v2`.
3. **Handle the Access Token**: After a successful request, the token endpoint will return an access token. You should securely store this token and re-use it during it's lifetime (found in the `exp`claim) and use it to authenticate your application's requests to the API.

Token endpoints by region:

* UK: `https://login.uk.jylo.ai/oauth/token`
* EU: `https://login.eu.jylo.ai/oauth/token`
* US: `https://login.us.jylo.ai/oauth/token`

Ensure you follow security best practices, such as keeping client credentials secure and managing token expiration and renewal appropriately.

## Examples

#### cURL&#x20;

```
curl -X POST \
  https://YOUR_TOKEN_ENDPOINT \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&audience=https://jga.jylo.ai/external/v2'
```

In this example:

* Replace `YOUR_TOKEN_ENDPOINT` with one of the above appropiate endpoints for your region.
* Replace `YOUR_CLIENT_ID` with your application’s client ID.
* Replace `YOUR_CLIENT_SECRET` with your application’s client secret.