Client Credentials Flow
The Client Credentials flow is used in server-to-server authentication. Since this flow does not include authorization.
The following diagram shows how the Client Credentials Flow works:
Prerequisites
This guide assumes that you have created an app following the app settings guide.
Request authorization
The first step is to send a POST request to the /oauth/token endpoint of the Boomplay OAuth 2.0 Service with the following parameters encoded in application/json:
| REQUEST BODY PARAMETER | VALUE | Required |
|---|---|---|
| grant_type | Set it to clientCredentials. | true |
| app_id | Required The app ID provided to you by Boomplay when you register your application. | |
| app_secret | Required The app secret provided to you by Boomplay when you register your application. |
The headers of the request must contain the following parameters:
| HEADER PARAMETER | VALUE |
|---|---|
| Content-Type | Required Set to application/json |
| Accept-Language | Such as zh-CN,en-US... default en |
Example
JavaScript Example
var url = '';
var appId = '';
var appSecret = '';
var httpRequest = new XMLHttpRequest();
httpRequest.open('POST', url, true);
httpRequest.setRequestHeader("Content-type","application/json");
httpRequest.setRequestHeader("Accept-Language",'zh-CN');
var obj = JSON.parse('{"grant_type":"client_credentials","app_id":appId,"app_secret":appSecret}');
httpRequest.send(JSON.stringify(obj));
httpRequest.onreadystatechange = function () {
if (httpRequest.readyState == 4 && httpRequest.status == 200) {
var json = httpRequest.responseText;
console.log(json);
}
};
If everything goes well, you’ll receive a response similar to this containing the Access Token:
{
"accessToken": "kS1dO9Pp....==",
"expiresIn": 7200
}
Request Sample
POST {{host}}/oauth/token
Content-Type: application/json
{"app_id":"{{appId}}","app_secret":"{{appSecret}}"}
Response Example
{
"desc": null,
"code": 0,
"data": {
"access_token": "g0OmJblrY9JfnR+jfiGs12s8pEJ18DBSANxjAK+CD2Y=",
"expires_in": 7200
}
}