Client credentials grant

shineabilityshineability Member Posts: 3
edited September 2019 in Development

We need to access the Retail API from one of our micro services, so there will be no user authorisation possible using the browser. This would be a typical use case for the client credentials grant, but it doesn't seem to be documented anywhere...

Is it just missing from the docs or is this grant just not available?

And if it is not available, how would you go about?



  • Adrian SamuelAdrian Samuel Moderator, Lightspeed Staff Posts: 654 moderator

    Hey @shineability,

    Temporary token retrieval cannot be done outside a browser environment, This shouldn't be a problem for automated systems since you only need to authenticate once to get the access token, from which everything else is automated.

    An identical question on this thread:

    Hope this helps!

    Adrian Samuel

    Software Developer

    Lightspeed HQ

  • shineabilityshineability Member Posts: 3

    Hi Samuel,

    So, after reading through the thread you mentioned, we have to start the authorisation code grant flow, extract the authorization code from the "dummy" redirect URI and then within 30 seconds exchange it manually for an access (and refresh) token? :)

    It'll work, but it's rather impractical, don't you think?

    Just out of interest, why not make the client credentials grant available for these kinds of use cases?

    In any case, thanks for the quick feedback!

Sign In or Register to comment.