Client Credentials

Availability: All Customers

Alloy will POST a request to the client’s authorization server using the client_id and client_secret.

Note an authorization header derived from client_id and client_secret will be sent with every request, see Basic Authentication

POST /oauth2/token
Authorization: Basic QTdLNFg5VDJNQjpMME41QzhWMVFa
Content-Type: application/json
{
  "grant_type": "client_credentials",
  "client_id": "A7K4X9T2MB",
  "client_secret": "L0N5C8V1QZ"
}

Authorization server responds with an access_token:

{
  "access_token": "abc123",
  "token_type": "Bearer",
  "expires_in": 3600
}

Alloy will POST request to client’s webhook endpoint using the access_token:

POST /webhook-endpoint
Authorization: Bearer abc123
Content-Type: application/json

Example webhook configuration: