{"_id":"5622f2c906481c0d00e5315c","user":"556cbb50c14029190092d20f","parentDoc":null,"project":"556cd8aec14029190092d292","__v":11,"version":{"_id":"556cd8aec14029190092d295","__v":14,"project":"556cd8aec14029190092d292","createdAt":"2015-06-01T22:11:58.756Z","releaseDate":"2015-06-01T22:11:58.756Z","categories":["556cd8afc14029190092d296","55ca5a55241e790d004f47ea","55dc9fdb4f535537007da1b2","55dc9fdfc755b63700dc843c","55fdb08c4bebdf17004130d4","560ef4c2a36c610d00e7013e","5613db296a092921004c30c2","56156581dc8aea0d002475e8","56169d1ee98f5517005627a8","5622fde7de7dc01700c6dd5f","56cf75f3336aa60b0086a495","5818f3c02093901b00bcf91a","582f7ff88ea0800f0035639a","583f30c110448a2500dd990f"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"category":{"_id":"5622fde7de7dc01700c6dd5f","pages":["5622fe48d51d480d0064fc77","5623104906481c0d00e53162","56231066de7dc01700c6dd65","5627f69388948617002a0996"],"project":"556cd8aec14029190092d292","__v":4,"version":"556cd8aec14029190092d295","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-10-18T02:03:19.875Z","from_sync":false,"order":3,"slug":"authentication-and-authorization","title":"Authentication and Authorization"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-10-18T01:15:53.792Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":2,"body":"## Is this the right flow for you?\n\nBefore you get started, let's make sure this is the right approach for you. Learn more at: [How should I authenticate?](doc:how-should-i-authenticate) \n\n## Let's get started\n\nIf you're building an app that will only use Reverb's public data or just your data, your app only needs to authenticate itself and not any particular user. This is also known as the OAuth2 Client Credentials Flow.\n\nTo get started, first [register your application](https://reverb.com/apps/new)\n\nNow, to obtain your access token, post to the oauth token endpoint with your client_id and client_secret, obtained when you created your app above.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"curl -i -XPOST 'https://reverb.com/oauth/token' -d 'grant_type=client_credentials&client_id=foo&client_secret=bar&scope=public+read_listings+read_orders'\",\n      \"language\": \"curl\"\n    }\n  ]\n}\n[/block]\nThe response will contain your bearer token:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"{\\\"access_token\\\":\\\"774c5112345abcd3f32e662e885e043672f6c5d36e14c1d98730170cea3\\\",\\\"token_type\\\":\\\"bearer\\\",\\\"scope\\\":\\\"public\\\",\\\"created_at\\\":1445131550}%\",\n      \"language\": \"json\"\n    }\n  ]\n}\n[/block]\nUse this token in subsequent requests in the Authorization header\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"curl -i -H 'Authorization: Bearer 774c5112345abcd3f32e662e885e043672f6c5d36e14c1d98730170cea3' -X GET 'https://api.reverb.com/api/listings'\",\n      \"language\": \"curl\"\n    }\n  ]\n}\n[/block]","excerpt":"","slug":"application-only-authorization-client-credentials-flow","type":"basic","title":"Apps that access only your data (OAuth2 Client Credentials Flow)"}

Apps that access only your data (OAuth2 Client Credentials Flow)


## Is this the right flow for you? Before you get started, let's make sure this is the right approach for you. Learn more at: [How should I authenticate?](doc:how-should-i-authenticate) ## Let's get started If you're building an app that will only use Reverb's public data or just your data, your app only needs to authenticate itself and not any particular user. This is also known as the OAuth2 Client Credentials Flow. To get started, first [register your application](https://reverb.com/apps/new) Now, to obtain your access token, post to the oauth token endpoint with your client_id and client_secret, obtained when you created your app above. [block:code] { "codes": [ { "code": "curl -i -XPOST 'https://reverb.com/oauth/token' -d 'grant_type=client_credentials&client_id=foo&client_secret=bar&scope=public+read_listings+read_orders'", "language": "curl" } ] } [/block] The response will contain your bearer token: [block:code] { "codes": [ { "code": "{\"access_token\":\"774c5112345abcd3f32e662e885e043672f6c5d36e14c1d98730170cea3\",\"token_type\":\"bearer\",\"scope\":\"public\",\"created_at\":1445131550}%", "language": "json" } ] } [/block] Use this token in subsequent requests in the Authorization header [block:code] { "codes": [ { "code": "curl -i -H 'Authorization: Bearer 774c5112345abcd3f32e662e885e043672f6c5d36e14c1d98730170cea3' -X GET 'https://api.reverb.com/api/listings'", "language": "curl" } ] } [/block]