
Authentication Auth2.0 - Client Credentials


OAuth 2.0 – Client Credentials Grant Type

Purpose:
This flow is for app-to-app communication with no user interaction. The application authenticates itself using its Client ID and Client Secret to get an access token. Common in backend integrations, automation scripts, and service accounts.


1. Configure Your Fields

In this step, you define the fields the user must fill in to set up the connection.

  • Always include:

    • Client ID – The public identifier of your application from the provider’s developer portal.

    • Client Secret – The confidential secret issued in the provider’s developer portal; it must be kept secure.

  • Optional: API environment (sandbox/production), API version, or custom configuration fields.

  • Tip: Clearly label these fields so the user knows where to find them in the provider’s developer console.


2. Configure Access Token API

The endpoint where viaSocket sends the Client ID and Client Secret to obtain an access token.

  • Example: https://service.com/oauth/token

  • Typical parameters:

    • grant_type=client_credentials

    • client_id

    • client_secret

    • scope (if required)

  • Tip: Use HTTPS to ensure credentials are secure in transit.


3. Configure Refresh Token API

Usually not required, because the Client Credentials flow can request a new token at any time.

  • Only configure if the provider explicitly supports refresh tokens in this flow.


4. Configure Revoke Token API

Optional endpoint to invalidate tokens.

  • Example: https://service.com/oauth/revoke

  • Recommended for security if users may disconnect integrations.


5. Configure Test (Me) API

An API call to confirm the token works.

  • Often /status, /account, or /ping.

  • This verifies the access token is valid and the app is authorized.


6. Add Connection Label

Give the saved connection a meaningful name.

  • Example: ServiceX App Connection.

  • Can include environment or version for clarity.


7. Add URLs to Whitelist

List only the allowed domains/endpoints for this connection.

  • Reduces the risk of misuse if tokens are compromised.


8. Add Unique Authentication Identifier

A unique ID for the authenticated app/service.

  • Could be the application ID, service account ID, or integration name.


9. Set Request Parameters

Default parameters for all API requests.

  • Example: version=2.

  • Do not put sensitive credentials here — those go in the authentication fields.


Extra Best Practices

  • Keep Client Secret safe — never expose it in public repos or frontend code.

  • Request only the minimum scopes needed.

  • Automate token renewal before expiry if tokens are short-lived.

  • Perfect for background jobs, system integrations, and scheduled automation.
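
The token request from step 2, the whitelist from step 7 and renewal before expiry can be combined in one small client. This is an added example, not viaSocket's or any provider's code: the class name, the 60-second `skew`, the injectable `post` and `clock` arguments and the sample response are assumptions, and `service.com` is the placeholder host used above.

```python
import json
import time
import urllib.parse
import urllib.request

class ClientCredentialsToken:
    """Caches an access token and renews it shortly before it expires."""
    def __init__(self, token_url, client_id, client_secret, scope=None,
                 allowed_hosts=(), skew=60, post=None, clock=time.time):
        if urllib.parse.urlsplit(token_url).scheme != "https":
            raise ValueError("token endpoint must use HTTPS")
        self.token_url, self.skew, self.clock = token_url, skew, clock
        self.allowed_hosts = set(allowed_hosts)
        self._form = {"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret}
        if scope:
            self._form["scope"] = scope  # request only the scopes needed
        self._post = post or self._http_post
        self._token, self._expires_at = None, 0.0

    def _http_post(self, url, form):
        # Credentials travel in the POST body, never in the query string.
        data = urllib.parse.urlencode(form).encode()
        req = urllib.request.Request(url, data=data, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def get(self):
        # Reuse the cached token until `skew` seconds before it expires.
        if self._token is None or self.clock() >= self._expires_at - self.skew:
            body = self._post(self.token_url, self._form)
            self._token = body["access_token"]
            self._expires_at = self.clock() + int(body.get("expires_in", 0))
        return self._token

    def headers_for(self, url):
        # Attach the bearer token only for whitelisted HTTPS hosts.
        parts = urllib.parse.urlsplit(url)
        if parts.scheme != "https" or parts.hostname not in self.allowed_hosts:
            raise PermissionError(f"refusing to send token to {url}")
        return {"Authorization": f"Bearer {self.get()}"}

if __name__ == "__main__":
    # Constructed token response standing in for the provider's endpoint.
    fake = lambda url, form: {"access_token": "demo-token", "expires_in": 3600}
    tok = ClientCredentialsToken("https://service.com/oauth/token", "my-id",
                                 "my-secret", allowed_hosts=["service.com"], post=fake)
    print(tok.headers_for("https://service.com/status"))
```

A response without `expires_in` is treated as already expired, so the next call fetches a fresh token instead of reusing one of unknown lifetime.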


If
