Client Credentials Mode
Workflow
Example request:
curl -v -X POST 'https://{digiRunner_DOMAIN}/oauth/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic {client_secret}' \
-d 'grant_type=client_credentials'Parameters with details:
client_secret
String
Required
1. Client Password registered with digiRunner; needs to be encoded with Base64
2. Concatenate the client ID with ":" and the encoded client password, then encode the result with Base64 again to generate the value to be used
3. Example:
Client ID: tspclient
Client Password: tsp123abcd
Formula for generating the value:
Base64 Encode(ClientID+":"+Base64 Encode(Client Password))
Base64 Encode(tspclient+":"+Base64 Encode(tsp123abcd))
Base64 Encode(tspclient:dHNwMTIzYWJjZA==)
Output for client_secret:
dHNwY2xpZW50OmRITndNVEl6WVdKalpBPT0=
grant_type
String
Required
client_credentials, a fixed value
Example of Successful Response
Example:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJub2RlIjoiZXhlY3V0b3IxIiwiYXVkIjpbIllXUnRhVzVCVUVrIl0sInNjb3BlIjpbIjIwMDAwMDAwMDYiXSwic3RpbWUiOjE2ODQ4MzI3MzMwODQsImV4cCI6MTY4NDkxOTEzMywiaWF0Ijox...",
"expires_in": 86399,
"jti": "9984ec5d-30fd-4ed1-aa5c-20dff243599f",
"node": "executor1",
"scope": "2000000006",
"stime": 1684832733084,
"token_type": "bearer"
}Example of Error Response
If the client password is incorrect, a 401 Unauthorized HTTP status code and JSON response will be returned.
Example:
{
"timestamp": "1685945001184",
"status": 401,
"error": "Unauthorized",
"message": "The client account or password is incorrect. clientId: tspclient",
"path": "/oauth/token"
}Calling APIs Registered in digiRunner with Access Token
After obtaining the access token issued by digiRunner, TSP can utilize the associated permissions to call APIs registered in digiRunner.
For the request example and parameter with details, refer to OpenID Connect (OIDC) Mode > Calling APIs Registered in digiRunner with Access Token.
Was this helpful?