Client Credentials
Availability: All Customers
Alloy will POST
a request to the client’s authorization server using the client_id
and client_secret
.
Note an authorization header derived from client_id
and client_secret
will be sent with every request, see Basic Authentication
POST /oauth2/token
Authorization: Basic QTdLNFg5VDJNQjpMME41QzhWMVFa
Content-Type: application/json
{
"grant_type": "client_credentials",
"client_id": "A7K4X9T2MB",
"client_secret": "L0N5C8V1QZ"
}
Authorization server responds with an access_token
:
{
"access_token": "abc123",
"token_type": "Bearer",
"expires_in": 3600
}
Alloy will POST
request to client’s webhook endpoint using the access_token
:
POST /webhook-endpoint
Authorization: Bearer abc123
Content-Type: application/json
Example webhook configuration:

Updated 25 days ago