Client Flow

Client Credentials Flow

Client Credentials is the simplest of the OAuth2 flows supported by the Pushpay API. It allows third party applications to authenticate to Pushpay as themselves (so they are not accessing Pushpay on behalf of a Pushpay user).

To obtain an access token using the client credentials flow, you will need to be issued with both a:

• client_id
• client_secret

These are issued when you sign up to our API Developer Program (by contacting the API Support Team and asking them to set up an account for you). Once you have this information, you can then proceed to make a request to the authorization server to generate an access token, by:

1. Setting a "basic auth" header, using the client_id and client_secret as the username/password (basic auth combines the id and password separated by a colon, base64 encoded).
2. Setting the content type of the request to be application/x-www-form-urlencoded
3. Supplying a form-encoded body with the parameters:

• grant_type = client_credentials
• scope = space-separated list of scopes

4. Making a POST request to https://auth.pushpay.com/pushpay/oauth/token

Upon success you should receive a 200 OK response, with a JSON body as follows:

{
    "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1N....",
    "token_type":"Bearer",
    "expires_in":3600,
    "refresh_token":null
}

The access_token property contains the token you must use for all subsequent API requests.

Note: The client credentials flow does not support refresh - in this case the consumer just needs to make another access request to get a new token, using their client_id and client_secret as identification.