Cliquify
POST /oauth/access-token

Description

Request an access token using your application's client_id and client_secret. This is part of the OAuth 2.0 Client Credentials Grant flow for server-to-server authentication without user interaction.

Before You Begin

To obtain an access token using Client Credentials Grant:

  1. Create a Client Credentials client from the Developer Portal.
  2. Copy your client_id and client_secret.
  3. Send these credentials to /oauth/access-token to obtain an access token.

Access Token Expiry

Access tokens issued via OAuth2 are valid for 30 days from the time of issuance.

  • Token Expiry: 30 days
  • Token Type: Bearer
  • Expires In: 2592000 seconds

Why No Refresh Token?

This endpoint uses the OAuth 2.0 Client Credentials Grant, which is designed for server-to-server (machine-to-machine) authentication. Per the OAuth 2.0 specification (RFC 6749 §4.4), refresh tokens are not issued with this grant type.

Reason: Since the client already possesses its client_id and client_secret, it can always request a new access token directly — there is no user interaction or authorization code involved, so a refresh token serves no purpose.

Header Parameters

{
  "Content-Type": "application/x-www-form-urlencoded"
}

Body Parameters

grant_type string Required
The OAuth 2.0 grant type for server-to-server communication.
Available values: client_credentials
client_id string Required
Your application's client ID from the Developer Portal.
client_secret string Required
Your application's client secret from the Developer Portal.

Example Requests

curl --location 'https://oauth.cliquify.me/oauth/access-token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=YOUR_CLIENT_ID' \
--data-urlencode 'client_secret=YOUR_CLIENT_SECRET'
const axios = require('axios');
const qs = require('qs');

const data = qs.stringify({
  grant_type: 'client_credentials',
  client_id: 'YOUR_CLIENT_ID',
  client_secret: 'YOUR_CLIENT_SECRET'
});

axios.post('https://oauth.cliquify.me/oauth/access-token', data, {
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded'
  }
}).then(response => {
  console.log(response.data);
}).catch(error => {
  console.error(error.response.data);
});
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class AccessToken {
  public static void main(String[] args) throws Exception {
    String data = "grant_type=client_credentials"
      + "&client_id=YOUR_CLIENT_ID"
      + "&client_secret=YOUR_CLIENT_SECRET";

    URL url = new URL("https://oauth.cliquify.me/oauth/access-token");
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
    conn.setRequestMethod("POST");
    conn.setDoOutput(true);
    conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

    try (OutputStream os = conn.getOutputStream()) {
      os.write(data.getBytes(StandardCharsets.UTF_8));
    }

    try (BufferedReader br = new BufferedReader(
        new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
      String responseLine;
      while ((responseLine = br.readLine()) != null) {
        System.out.println(responseLine);
      }
    }
  }
}
import requests

headers = {
  "Content-Type": "application/x-www-form-urlencoded"
}

data = {
  "grant_type": "client_credentials",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET"
}

response = requests.post("https://oauth.cliquify.me/oauth/access-token", headers=headers, data=data)
print(response.json())
using System.Net.Http;
using System.Collections.Generic;
using System.Threading.Tasks;

var values = new Dictionary<string, string> {
  { "grant_type", "client_credentials" },
  { "client_id", "YOUR_CLIENT_ID" },
  { "client_secret", "YOUR_CLIENT_SECRET" }
};

var content = new FormUrlEncodedContent(values);
var client = new HttpClient();
var response = await client.PostAsync("https://oauth.cliquify.me/oauth/access-token", content);
var responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
package main

import (
  "bytes"
  "fmt"
  "net/http"
)

func main() {
  data := "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"
  resp, err := http.Post("https://oauth.cliquify.me/oauth/access-token", "application/x-www-form-urlencoded", bytes.NewBufferString(data))
  if err != nil {
    panic(err)
  }
  defer resp.Body.Close()
  buf := new(bytes.Buffer)
  buf.ReadFrom(resp.Body)
  fmt.Println(buf.String())
}
$data = http_build_query([
  'grant_type' => 'client_credentials',
  'client_id' => 'YOUR_CLIENT_ID',
  'client_secret' => 'YOUR_CLIENT_SECRET'
]);

$opts = ["http" => [
  "method" => "POST",
  "header" => "Content-Type: application/x-www-form-urlencoded",
  "content" => $data
]];
$response = file_get_contents('https://oauth.cliquify.me/oauth/access-token', false, stream_context_create($opts));
require 'net/http'
require 'uri'

uri = URI.parse("https://oauth.cliquify.me/oauth/access-token")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  "grant_type" => "client_credentials",
  "client_id" => "YOUR_CLIENT_ID",
  "client_secret" => "YOUR_CLIENT_SECRET"
)

req_options = {
  use_ssl: uri.scheme == "https"
}

response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
  http.request(request)
end

puts response.body

Success Response

{
  "success": true,
  "token": {
    "token_type": "Bearer",
    "expires_in": 2592000,
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGci..."
  }
}
Response Fields
FieldTypeDescription
successbooleanIndicates whether the request was successful.
token.token_typestringAlways Bearer.
token.expires_inintegerToken lifetime in seconds (2592000 = 30 days).
token.access_tokenstringThe Bearer token to use in the Authorization header for API requests.