Guides

Password

Availability: All Customers

Suggest Edits

This grant type is used for webhooks integrated with a 3rd party service, i.e. salesforce.

Alloy will POST a request to the authorization server using the client_id , client_secret and the username , password (i.e. salesforce credentials).

Note an authorization header derived from client_id and client_secret will be sent with every request, see Basic Authentication

POST /oauth2/token
Authorization: Basic QTdLNFg5VDJNQjpMME41QzhWMVFa
Content-Type: application/json
{
  "grant_type": "password",
  "username": "david_user",
  "password": "davidpass",
  "client_id": "A7K4X9T2MB",
  "client_secret": "L0N5C8V1QZ"
}

Authorization server responds with an access_token:

{
  "access_token": "abc123",
  "token_type": "Bearer",
  "expires_in": 3600
}

Alloy will POST a request to webhook endpoint using the access_token:

POST /webhook-endpoint
Authorization: Bearer abc123
Content-Type: application/json

Example webhook configuration:

Updated 4 days ago