Skip to main content
POST
/
oauth2
/
token
Request an access token
curl --request POST \
  --url https://auth.eu1.hellgate.cloud/oauth2/token \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data scope=decisions:create \
  --data audience=my-lovely-specter-42
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 1800,
  "scope": "decisions:create"
}

Authorizations

Authorization
string
header
required

Your client ID and client secret, sent as HTTP Basic credentials.

Body

application/x-www-form-urlencoded
grant_type
enum<string>
required

Must be client_credentials.

Available options:
client_credentials
scope
string
required

Space-delimited list of scopes to request. Required — there are no default scopes. Must be a subset of the scopes provisioned on your client.

Example:

"decisions:create"

audience
string
required

Space-delimited list of audiences — the service instances the token may call. Each audience is the instance name only, not its full hostname (for example, my-lovely-specter-42, not my-lovely-specter-42.eu1.on-hellgate.cloud). Required — there is no default audience. Must be within the audiences provisioned on your client. The target service validates the token's aud claim on each request.

Example:

"my-lovely-specter-42"

Response

The access token was issued.

access_token
string
required

The signed JWT to send as a bearer token on API requests.

token_type
string
required

Always bearer.

Example:

"bearer"

expires_in
integer
required

Seconds until the token expires. Tokens are valid for 30 minutes.

Example:

1800

scope
string

The scopes granted on the token.

Example:

"decisions:create"