Private M2M applications and Web plugins use the "Client Credentials Grant" authorization workflow and bearer access tokens. A detailed description of the authorization process is available in "4.4. Client Credentials Grant" and

Process flow for OAuth2 authorization:

  1. A call for an access token is made to /api/oauth2/token. Both the client identifier and the client secret are included.
  2. The Trakopolis OAuth2 authorization server processes the request.
  3. An access token is returned to your application. This access token currently has a 5 minute lifespan. The application can use the access token for the allotted timespan.
  4. Once the application has an access token, it calls an API protected resource (assets, statuses, etc.) and supplies an OAuth2 authorization header that contains the information needed for a Protected Resource Request.

Application credentials are passed using basic HTTP Authorization. To build the credentials string, the client sends the client identifier and client secret, separated by a single colon (":") character, within a base64 encoded string.

Header parameters

  • Content-Type:  application/x-www-form-urlencoded
  • Authorization: Basic {Application Credentials}

Request content parameters

  • grant_type=client_credentials

Example of an access token request

 Content-Type: application/x-www-form-urlencoded
 Authorization: Basic UTJObCt4elFna2FnK20yWGQ1Z2RWdz09Ok1HNjM0Z0tnWjR2WVp4QjN3ZktnMGZ3ak1wSG45VEFOVTY1eEhyTEw=
 Content-Length: 29

Please note that for Web plugins you need to pass a scope value in the request: grant_type=client_credentials&scope=... Please refer to the "Scopes and Division Data Access" section for details.
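The token request and token reuse described above, as an added Python example that is not Trakopolis code. The function names, the `TokenCache` class, the 30 second refresh margin and the caller-supplied `fetch` callable are hypothetical, and the `Bearer` header form is assumed from RFC 6750.

```python
import base64
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/oauth2/token"  # endpoint path given on this page
TOKEN_LIFESPAN = 300              # 5 minute lifespan stated on this page


def basic_credentials(client_id, client_secret):
    """Return base64("client_id:client_secret") for the Basic header."""
    if ":" in client_id:
        # The first colon separates id from secret, so the id cannot hold one.
        raise ValueError("client identifier must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def build_token_request(base_url, client_id, client_secret, scope=None):
    """Build (but do not send) the access token request."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        # Base64 is an encoding, not encryption: the secret needs TLS.
        raise ValueError("token endpoint must use https")
    fields = {"grant_type": "client_credentials"}
    if scope:  # Web plugins pass a scope value
        fields["scope"] = scope
    body = urllib.parse.urlencode(fields).encode("ascii")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + basic_credentials(client_id, client_secret),
    }
    return urllib.request.Request(base_url.rstrip("/") + TOKEN_PATH,
                                  data=body, headers=headers, method="POST")


class TokenCache:
    """Reuse one token for its lifespan and refetch shortly before expiry."""

    def __init__(self, fetch, lifespan=TOKEN_LIFESPAN, margin=30,
                 clock=time.monotonic):
        self._fetch, self._clock = fetch, clock  # fetch() returns a token string
        self._ttl = lifespan - margin
        self._token, self._expires = None, 0.0

    def bearer_header(self):
        now = self._clock()
        if self._token is None or now >= self._expires:
            self._token = self._fetch()
            self._expires = now + self._ttl
        return {"Authorization": "Bearer " + self._token}  # assumed RFC 6750 form
```

Keep the client secret and the returned token out of logs and error messages; the request object carries both in its headers.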

Alternatively, the client may send its credentials inside the request content:

 Content-Type: application/x-www-form-urlencoded; charset=utf-8
 Content-Length: 127