Add Machine to Machine (M2M) OAuth client application

Add a machine-to-machine OAuth client application for calling APIs.

Select your Workspace, depening on your use case:
- To call Admin level APIs, select the Admin workspace.
- To call Root or System APIs, select the System workspace.
- To call APIs protected by an Authorizer, create the client in the same workspace where the APIs and authorizer are connected.
Admin and System Workspace Access
If you need to access the Admin or System workspace, contact Support.
In your workspace, select Applications > Clients > Create client.
Provide a name for your application, selet the Service type, and click Create.
Copy or download the client application configuration (client ID and secret) and add it to your backend application code.
Copy the token endpoint and add it to your backend application.
You can use any OAuth library library for your application.

Use the client credentials flow to call the token endpoint.

Example CURL with the client_secret_post client authentication method:

curl -X POST https://$TENANT_ID.$REGION_ID.authz.cloudentity.io/$TENANT_ID/$WORKSPACE_ID/oauth2/token \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-raw "grant_type=client_credentials&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET"

Next Steps

Configure OAuth settings of your client app for more advanced usecases
- Enable mTLS client authentication
- Check out OAuth2c -- a user-friendly OAuth CLI -- to test how different OAuth flows, client authentication methods, and extentsions work
Add services, APIs, and configure access scopes
Restrict access to your application

In this section:

Add Machine to Machine (M2M) OAuth client application

Admin and System Workspace Access

Next Steps

Search results