post https://tandaio-api-uats.tanda.co.ke/accounts/v1/oauth/token
Get access token using the OAuth 2.0 Client Credentials Flow
Description
All Tanda I/O resources are Oauth2 protected. That means any API developer must understand password and client_credentials Flows prior. This doc provides a detailed guide into how Tanda I/O authenticates and authorizes API Clients or users. The assumption is that the developer has all required Oauth2 credentials at this point.
Quick Details
| Name | Value |
|---|---|
| Url | /accounts/v1/oauth/token |
| HTTP Method | POST |
| Grant Type | client_credentials |
| Content Type | application/x-www-form-urlencoded |
| Authorization | HTTP Basic |
Authorization Request Header
The Authorization header value is derived using the formulae below.
Authorization: Basic BASE_64(CLIENT_ID:CLIENT_SECRET)
Request Body
| Name | Type | Optional | Optional |
|---|---|---|---|
| grant_type | Enumeration {client_credentials} | No | Oauth2 grant type |
Response Body
On Success
HTTP status 200 with an AccessToken as the response body.
On Failure
Client-side / Server-side HTTP status with an IoApiResponse as the response body.
IoApiResponse
A generic response body used by different APIs.
| Name | Type | Optional | Description |
|---|---|---|---|
| Status | String | No | A 6-digit status code. |
| Message | String | Yes | Status Code description. |
| transactionId | UUID | Yes | Unique Request ID. You'll need this ID to check the transaction status. |
| Timestamp | Timestamp | No | Request timestamp. Should have the format yyyy-MM-dd HH:mm:ss.SSS Z. |