Client Credentials Flow

The Client Credentials flow is an OAuth 2.0 authorization model designed for system-to-system authentication, where an application needs to access its own resources without acting on behalf of a specific user. This flow is ideal for backend-to-backend communications and automated processes.

The Client Credentials flow is used by applications to obtain an access_token in an application context, that is, on the application's own behalf rather than a user's.

Endpoint

https://api-sandbox.astrapay.com.br/oauth/v1/token

Request

Headers:

Content-Type: application/x-www-form-urlencoded

Body:

grant_type: client_credentials  
client_id: 3f83b186-9ab7-4cec-8e44-a22c9a6e5e04  
client_secret: c58cf8f3-e7bc-44b5-85f3-6947e69404f3

The Open API 3.0 Specification is available for download.

Frequently Asked Questions

Why don't I receive a Refresh Token?

The Client Credentials flow doesn't require a Refresh Token. After the access_token expires, simply make a new request to the OAuth token endpoint.

Can I reuse the access_token?

The access_token can be reused in multiple requests during its lifetime, as indicated by the expires_in attribute. The expires_in is in seconds and is counted from the moment the access_token is generated.

Common Errors

Found an error in this flow? Here are the most common errors along with suggested solutions.

Unsupported Grant Type Error

{
    "error": "unsupported_grant_type",
    "error_description": "GrantType not supported."
}

Make sure that grant_type=client_credentials is provided in the request body.

Invalid Credentials Error

{
    "error": "invalid_client",
    "error_description": "Invalid credentials format."
}

You are providing your credentials in an incorrect format.

Invalid Scope Error

{
    "error": "invalid_scope",
    "error_description": "Client does not have authorization to request the scope: XXXXXX"
}

The most common causes for this error are:

  • Providing an unauthorized scope
  • Not providing a valid scope
  • Providing scopes without separating them with spaces

Scope Not Provided Error

{
    "error": "invalid_request",
    "error_description": "Scope parameter not provided."
}

No scope was provided in the request.
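The flow described above, the token-reuse rule from the FAQ and the error documents from this section, worked through as an added example (not AstraPay's own code). It assumes a `scope` form parameter, inferred from the scope errors, and uses a constructed stand-in for the token endpoint plus a manual clock so it runs offline; the credentials, scope name and expires_in value are made up.

```python
import time
from urllib.parse import urlencode, parse_qsl

TOKEN_URL = "https://api-sandbox.astrapay.com.br/oauth/v1/token"

class TokenError(Exception):
    pass  # raised when the token endpoint answers with an OAuth error document
class ClientCredentialsClient:
    """Requests an access_token with grant_type=client_credentials and reuses it until
    expires_in (minus a safety margin) elapses; there is no refresh token, just a new request."""
    def __init__(self, client_id, client_secret, scope, post, clock=time.monotonic, margin=30):
        self.client_id, self.client_secret, self.scope = client_id, client_secret, scope
        self._post = post  # post(url, headers, body) -> (status, dict); injected so it runs offline
        self._clock, self._margin = clock, margin
        self._token, self._expires_at = None, 0.0

    def access_token(self):
        if self._token and self._clock() < self._expires_at:
            return self._token  # still inside its lifetime: reuse it
        body = urlencode({"grant_type": "client_credentials", "client_id": self.client_id,
                          "client_secret": self.client_secret, "scope": self.scope})
        status, doc = self._post(TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body)
        if status != 200 or "access_token" not in doc:
            raise TokenError(f"{doc.get('error')}: {doc.get('error_description')}")
        self._token = doc["access_token"]
        self._expires_at = self._clock() + doc["expires_in"] - self._margin  # expires_in is seconds
        return self._token

# Constructed stand-in for the sandbox endpoint: it accepts any non-empty credentials and the
# made-up scope below, and answers with the error documents this page lists.
FAKE_SCOPES, _issued = {"payments.read"}, []
def fake_token_endpoint(url, headers, body):
    form = dict(parse_qsl(body))
    if form.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type", "error_description": "GrantType not supported."}
    if not form.get("client_id") or not form.get("client_secret"):
        return 401, {"error": "invalid_client", "error_description": "Invalid credentials format."}
    if "scope" not in form:
        return 400, {"error": "invalid_request", "error_description": "Scope parameter not provided."}
    bad = [s for s in form["scope"].split(" ") if s not in FAKE_SCOPES]
    if bad:
        return 400, {"error": "invalid_scope", "error_description":
                     f"Client does not have authorization to request the scope: {bad[0]}"}
    _issued.append(f"token-{len(_issued) + 1}")  # unique value so renewals are observable
    return 200, {"access_token": _issued[-1], "token_type": "Bearer", "expires_in": 300}

class FakeClock:
    def __init__(self, now=1000.0): self.now = now  # manual clock: advance .now to simulate expiry
    def __call__(self): return self.now
```

Against the real sandbox, replace `fake_token_endpoint` with a function that POSTs the form body to TOKEN_URL and returns the status code and decoded JSON.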