Skip to content

Client credentials flow

Use this flow when you need access to one of Addo Sign's services (e.g., the Sealing Service, Signing Service, or Company Signatories Service).

Simplified flow diagram

client-credentials-flow.svg

Request parameters

  • grant_type
    Specifies the type of grant being used. For the Client Credentials Grant, this value must be set to "client_credentials".

  • client_id
    Your unique client identifier issued by Addo Sign.

  • client_secret
    The secret assigned to your client, issued by Addo Sign.

  • scope
    A space-separated list of permissions you are requesting. Example value: sealing company-signatories.
    Available scopes:

    • sealing
    • signing
    • company-signatories

Example request

POST /authentication-service/connect/token HTTP/1.1
Host: demo.addosign.net
Content-Type: application/x-www-form-urlencoded

client_id={your client id} 
&client_secret= {your client secret}
&grant_type=client_credentials
&scope=sealing%20company-signatories

Response parameters

  • access_token
    The access token issued by the Authentication Service. Use this token to authenticate requests to protected endpoints.

  • token_type
    The type of token issued, the value is always Bearer for client credentials flow.

  • expires_in
    The lifetime in seconds of the access token. After this duration, the token will expire and a new token must be obtained.

  • scope
    (Optional) A space-separated list of scopes associated with the access token. This may differ from the scopes requested if the server applies scope restrictions.

  • error
    A single error code indicating the error that occurred. For example, "invalid_request", "invalid_client", or "invalid_grant".

  • error_description
    (Optional) A human-readable description providing additional details about the error.

  • error_uri
    (Optional) A URI pointing to a web page with more detailed information about the error.

Success response

HTTP/1.1 200 OK
content-type: application/json;charset=UTF-8

{
    "access_token": "eyJhbGciOiJSUz...EdjBCsBfdBaXQ",
    "token_type": "Bearer",
    "expires_in": 3600
}

Error response

HTTP/1.1 400 Bad Request
content-type: application/json;charset=UTF-8

{
    "error": "invalid_scope",
    "error_description": "The specified 'scope' is invalid."
}