Apps that access only your data (OAuth2 Client Credentials Flow)

Is this the right flow for you?

Before you get started, let's make sure this is the right approach for you. Learn more at: How should I authenticate?

Let's get started

If you're building an app that will only use Reverb's public data or just your data, your app only needs to authenticate itself and not any particular user. This is also known as the OAuth2 Client Credentials Flow.

To get started, first register your application

Now, to obtain your access token, post to the oauth token endpoint with your client_id and client_secret, obtained when you created your app above.

curl -i -XPOST '' -d 'grant_type=client_credentials&client_id=foo&client_secret=bar&scope=public+read_listings+read_orders'

The response will contain your bearer token:


Use this token in subsequent requests in the Authorization header

curl -i -H 'Authorization: Bearer 774c5112345abcd3f32e662e885e043672f6c5d36e14c1d98730170cea3' -X GET ''