Service Applications
- Updated on 30 Sep 2024
A service application doesn’t involve the end-user in the authorization process. These applications are used strictly to call APIs: they use the client_credentials OAuth2 grant type to obtain Access Tokens from the Authorization Server by providing their credentials and the set of scopes (permissions) they request.
Token request
Service applications use the client_credentials OAuth2 grant type to obtain Access Tokens.
Example:
curl --request POST \
  --url https://connect.visma.com/connect/token \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials&scope=visma_api:read&client_id=demoapp&client_secret=SECRET&tenant_id=af1140c1-52e0-46c7-b684-df894d4b8a5a'
Parameters:
Name | Example Value | Required | Description |
---|---|---|---|
grant_type | client_credentials | yes | As defined in the OAuth 2.0 specifications, this field must contain the value client_credentials. |
scope | visma_api:read | yes | Identifies the Visma API access that your application is requesting. Separate multiple scopes with a space. The “visma_api:read” scope name is just an example; check your API documentation for the scope(s) to use. |
client_id | demoapp | yes | The Client ID set when the application was registered. Identifies which app is making the request. |
client_secret | The secret obtained when registering the application | yes | This is your application's Client Secret. |
tenant_id | af1140c1-52e0-46c7-b684-df894d4b8a5a | no | Identifies the tenant for which your application wants to access API data. This parameter is required for tenant based APIs. |
Your application needs to be granted permission by the tenant administrator before using the tenant_id on the token request.
If successful, this call will return a neatly packaged token that you can use to make authenticated calls to the Visma API resources. The response will contain the following fields:
{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjVENDc....7MTOBbdd5mgb2CHzxL0RFjs24pqC1pCeUqOjbg",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "visma_api:read"
}
Refresh Tokens are never issued to service applications since the application can obtain a new token whenever needed without involving the end-user.
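Because no refresh token is issued, a service application usually caches the access token and repeats the token request shortly before expires_in elapses. The following is an added example, not Visma's code: ServiceTokenCache, http_post_form, the 60-second skew and the injectable post/clock parameters are assumptions for illustration, while the endpoint and form fields are the ones shown above.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://connect.visma.com/connect/token"  # endpoint from the page


def http_post_form(url, form):
    """Default transport: POST a form-encoded body and return the parsed JSON."""
    body = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=body, headers={
        "content-type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ServiceTokenCache:
    """Hypothetical helper: caches one access token per (scope, tenant_id)."""

    def __init__(self, client_id, client_secret, post=http_post_form,
                 clock=time.monotonic, skew=60):
        self._id, self._secret = client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._cache = {}  # (scope, tenant_id) -> (access_token, expiry)

    def get(self, scope, tenant_id=None):
        key = (scope, tenant_id)
        hit = self._cache.get(key)
        if hit and self._clock() < hit[1]:
            return hit[0]  # still valid: no new token request
        form = {"grant_type": "client_credentials", "scope": scope,
                "client_id": self._id, "client_secret": self._secret}
        if tenant_id:  # only needed for tenant based APIs
            form["tenant_id"] = tenant_id
        reply = self._post(TOKEN_URL, form)
        if reply.get("token_type") != "Bearer" or not reply.get("access_token"):
            # Report only the key names so no token material reaches logs.
            raise ValueError("unexpected token response: %s" % sorted(reply))
        # No refresh token exists for this grant, so expire early and re-request.
        expiry = self._clock() + max(int(reply.get("expires_in", 0)) - self._skew, 0)
        self._cache[key] = (reply["access_token"], expiry)
        return reply["access_token"]
```

Load client_secret from the environment or a secret store when constructing the cache, and send the returned token as an Authorization: Bearer header on API calls.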