OAuth2.0 - Client Credentials Grant

The client credentials grant flow is primarily used by applications to authenticate as themselves, rather than as a user. Here’s how you can achieve this:

1. Register Your Application: Before you can request an access token, ensure that you have registered your application, assigned the necessary permissions and obtained the necessary credentials such as a client ID and client secret.

2. Request an Access Token: To obtain an access token, send an HTTP POST request to the appropriate token endpoint for your region. Include the necessary credentials (client ID and secret) in your request. The audience value is https://jga.jylo.ai/external/v2.

3. Handle the Access Token: After a successful request, the token endpoint will return an access token. You should securely store this token and re-use it during it's lifetime (found in the expclaim) and use it to authenticate your application's requests to the API.

Token endpoints by region:

• UK: https://login.uk.jylo.ai/oauth/token

• EU: https://login.eu.jylo.ai/oauth/token

• US: https://login.us.jylo.ai/oauth/token

Ensure you follow security best practices, such as keeping client credentials secure and managing token expiration and renewal appropriately.

Examples

cURL

curl -X POST \
  https://YOUR_TOKEN_ENDPOINT \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&audience=https://jga.jylo.ai/external/v2'

In this example:

• Replace YOUR_TOKEN_ENDPOINT with one of the above appropiate endpoints for your region.

• Replace YOUR_CLIENT_ID with your application’s client ID.

• Replace YOUR_CLIENT_SECRET with your application’s client secret.