Client credentials grant flow
This method is used outside of the context of the user. The client is assumed to be the resource owner and the access request to an application’s resources rather than the resource’s owned by the user. An application access token should only be used in server to server calls and should not be used when making calls from a client-side application. The following diagram describes the Client Credential flow:

Token Request
-
API CALL:
- POST
{``baseURL``}/oauth/token
- POST
-
HEADER:
- Authorization: Basic <Base64 encoded “ClientID:ClientSecret”>
- Content-Type: application/x-www-form-urlencoded
-
BODY:
- grant_type = {client_credentials}
- scope = {ApplicationName} (Space separated values)
For scope, please do not use
scope=openidwith Client Credentials. The openid scope may be used with the Authorization Code flows in order to also return an id token.
Example request
POST /oauth/token/Host: stage.id.trimblecloud.com/oauth/tokenAuthorization: BasicTE9pU...Content-Type: application/x-www-form-urlencodedAccept: application/jsonCache-Control: no-cache
grant_type=client_credentialsscope = processingToken response
A sample response for the above request:
{ "access_token": "eyJ0e...", "token_type": "bearer", "expires_in": 3600}- To decode and verify the TID JWT Token, refer to Decode JWT