Client credentials grant

The client credentials grant type is an OAuth 2.0 authorization flow used for machine-to-machine authentication between applications.

Overview

The client credentials grant type is an OAuth 2.0 authorization flow used for machine-to-machine (M2M) authentication. In this flow, an application, referred to as the client, authenticates directly with an authorization server by using its own credentials, typically a client ID and client secret, to obtain an access token. Unlike other OAuth flows, it does not involve users or their service accounts. It is suited for backend services or applications that access resources or APIs on their own behalf rather than on behalf of a user.
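The request and response of this flow, as an added example that is not part of the original page: the client sends grant_type=client_credentials with its ID and secret in an HTTP Basic header (RFC 6749 sections 4.4 and 2.3.1), and the caller validates the token response before using the token. The endpoint, client ID, secret, scope and sample response are constructed values, not from any real authorization server.

```python
import base64
import json
import time
from urllib.parse import quote_plus, urlencode

# Constructed sample values for illustration; not taken from any real deployment.
TOKEN_ENDPOINT = "https://auth.example.com/oauth2/token"
CLIENT_ID = "batch-report-service"
CLIENT_SECRET = "example-secret-do-not-reuse"
SAMPLE_RESPONSE = json.dumps({"access_token": "eyJ.example.token", "token_type": "Bearer",
                              "expires_in": 3600, "scope": "reports:read"})


def build_token_request(client_id, client_secret, scope=None):
    """Return (headers, body) for an RFC 6749 section 4.4 token request; the client
    authenticates with HTTP Basic, with id and secret form-urlencoded first (2.3.1)."""
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = {"grant_type": "client_credentials"}
    if scope:
        body["scope"] = scope
    return headers, urlencode(body)


def parse_token_response(raw_json, requested_scope=None, now=None):
    """Validate a token response before the token is used: reject errors, non-bearer
    tokens, a refresh_token (not issued by this grant, 4.4.3) and scope broader than
    requested; a missing scope field means the requested scope was granted (3.3)."""
    resp = json.loads(raw_json)
    if "error" in resp:
        raise ValueError(f"token request failed: {resp['error']}")
    if resp.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if not resp.get("access_token"):
        raise ValueError("response carries no access_token")
    if "refresh_token" in resp:
        raise ValueError("refresh_token must not be issued for client_credentials")
    requested = set((requested_scope or "").split())
    granted = set(resp.get("scope", requested_scope or "").split())
    if requested_scope and not granted <= requested:
        raise ValueError(f"scope broader than requested: {granted - requested}")
    now = time.time() if now is None else now
    expires_at = now + int(resp["expires_in"]) if "expires_in" in resp else None
    return {"access_token": resp["access_token"], "scope": granted, "expires_at": expires_at}
```

An HTTP client would POST the returned body with those headers to TOKEN_ENDPOINT over TLS and hand the response text to parse_token_response; the token is then sent as a Bearer header to the resource server until expires_at.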

Business scenarios and use cases

The client credentials grant type supports a variety of business scenarios that require secure system-to-system communication without user interaction. Common examples include:

  • Automated data processing, such as backend services retrieving third-party API data without user involvement
  • Microservices communication within an organization, enabling secure interservice calls
  • Enterprise integration, connecting systems such as CRM and marketing platforms through server-to-server authentication
  • Batch jobs and scheduled tasks, including data synchronization or report generation without user input
  • DevOps and automation tools, allowing CI/CD pipelines or monitoring utilities to securely access APIs