Client Credentials Grant | Rightbrain

OAuth 2.0 Client Credentials Grant

This grant type is used for machine-to-machine (M2M) authentication. It allows your application (the client) to obtain an access token using its own credentials (Client ID and Client Secret) without the presence or permission of an end-user.

Use Case:

Server-side services or daemons making API calls on their own behalf (not on behalf of a specific user).
Automated scripts or backend processes interacting with the API.
CLI tools.

Prerequisites:

You have created an API Client in the Rightbrain dashboard.
You have your Client ID and Client Secret for this API Client.
- Client ID: Found on the Account page in the Rightbrain dashboard.
- Client Secret: Provided during API Client creation.
  Secure Storage Required
  The Client Secret is highly sensitive. Store it securely and never expose it in client-side code. If lost, you must regenerate it.

Request Access Token

Your application makes a direct POST request to the Rightbrain Token Endpoint.
URL: https://oauth.rightbrain.ai/oauth2/token
Authentication: Use HTTP Basic Authentication with your Client ID as the username and Client Secret as the password.
Headers:
- Content-Type: application/x-www-form-urlencoded
Body (Form Data):
- grant_type=client_credentials
- (Optional) scope=<SCOPES>: If your client needs specific scopes beyond default access, include them here.

Example Request (curl):

This command uses the -u flag for Basic Authentication and requests a token using the client_credentials grant.

Get Access Token (Client Credentials)

$ # Set your credentials (replace placeholders or use environment variables)
> CLIENT_ID="<YOUR_CLIENT_ID>"
> CLIENT_SECRET="<YOUR_CLIENT_SECRET>"
> 
> TOKEN=$(curl -s -u \"$CLIENT_ID:$CLIENT_SECRET\" \
> -d \"grant_type=client_credentials\" \
> https://oauth.rightbrain.ai/oauth2/token | jq -r '.access_token')
> 
> # Example: Print the token to verify
> # echo $TOKEN

OAuth 2.0 Client Credentials Grant

Secure Storage Required

Request Access Token