Client Access Token - SG Developers

The Client Access Token is necessary to communicate with the Web Careers API endpoints which do not require a user to be signed in.

Please Note: The API clients generated via our applicant tracking system are so called PUBLIC clients, that do not have a client secret assigned. We’re doing so since we assume that your application is directly communicating with the API. You cannot create a Client Access Token without secret. The basic authorization page explains how to handle the communication with the API then.

Obtain a Client Access Token

Request (via shell)

There are several possibilities to obtain a client access token. Choose one:

curl -i -u "{CLIENT_ID}:{CLIENT_SECRET}" -d "grant_type=client_credentials" "{API_BASE_URL}/oauth/frontend/token"

1	curl -i -u "{CLIENT_ID}:{CLIENT_SECRET}" -d "grant_type=client_credentials" "{API_BASE_URL}/oauth/frontend/token"

curl -i -H "Authorization: Basic {base64Encoded({CLIENT_ID}:{CLIENT_SECRET})}" -d "grant_type=client_credentials" "{API_BASE_URL}/oauth/frontend/token"

1	curl -i -H "Authorization: Basic {base64Encoded({CLIENT_ID}:{CLIENT_SECRET})}" -d "grant_type=client_credentials" "{API_BASE_URL}/oauth/frontend/token"

curl -i -d "grant_type=client_credentials&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}" "{API_BASE_URL}/oauth/frontend/token"

1	curl -i -d "grant_type=client_credentials&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}" "{API_BASE_URL}/oauth/frontend/token"

Using the taloom cloud and the fictional client id “1337” and client secret “mys3cr3t” the commands are:

curl -i -u "1337:mys3cr3t" -d "grant_type=client_credentials" "https://api.softgarden.io/api/rest/oauth/frontend/token"

1	curl -i -u "1337:mys3cr3t" -d "grant_type=client_credentials" "https://api.softgarden.io/api/rest/oauth/frontend/token"

>curl -i -H "Authorization: Basic MTMzNzpteXMzY3IzdA==" -d "grant_type=client_credentials" "https://api.softgarden.io/api/rest/oauth/frontend/token"

1	>curl -i -H "Authorization: Basic MTMzNzpteXMzY3IzdA==" -d "grant_type=client_credentials" "https://api.softgarden.io/api/rest/oauth/frontend/token"

curl -i -d "grant_type=client_credentials&client_id=1337&client_secret=mys3cr3t" "https://api.softgarden.io/api/rest/oauth/frontend/token"

1	curl -i -d "grant_type=client_credentials&client_id=1337&client_secret=mys3cr3t" "https://api.softgarden.io/api/rest/oauth/frontend/token"

Response

Success

In case the request is correct and the given credentials are valid the response consists of an access token “access_token“, a token type “token_type” and a relative expiry date “expires_in” given in seconds. Example:

{
  "access_token": "53451125rz0012m98qq102364869n0",
  "token_type": "Bearer",
  "expires_in": 3600
}

{

"access_token": "53451125rz0012m98qq102364869n0",

"token_type": "Bearer",

"expires_in": 3600

}

Error

Unknown client

The specified client could not be found:

{
  "error": "INVALID_CLIENT",
  "error_description": "no such client."
}

{

"error": "INVALID_CLIENT",

"error_description": "no such client."

}

Invalid credentials

The client has been found but the given credentials are not valid:

{
  "error": "INVALID_CLIENT",
  "error_description": "authentication failed."
}

{

"error": "INVALID_CLIENT",

"error_description": "authentication failed."

}