Application-Only Authentication Flow
Applications can use the client credentials grant type of the OAuth2 specification to get an access token that will provide access to public, non-user-specific data (events, listings, etc).
1. Create a Basic Authorization header
- URL encode your application's client id and client secret according to RFC 1738
- Concatenate the encoded client id, a colon character “:” and the encoded consumer secret into a single string
- Base64 encode the string from the previous step
2. Obtain an access token
- The value calculated in Step 1 must be exchanged for an access token:
Request
- curl
- C#
- Ruby
- Python
- PHP
curl -X POST "https://account.stubhub.com/oauth2/token"
-u "clientId:clientSecret" --basic
-H "Content-Type: application/x-www-form-urlencoded"
-d "grant_type=client_credentials"
-d "scope=read:events"
var api = new ViagogoClient(
"clientId",
"clientSecret",
new ProductHeaderValue("MyAwesomeApp"));
var token = await api.OAuth2.GetClientAccessTokenAsync(new[] {"read:events"});
api = GogoKit::Client.new(client_id: CLIENT_ID, client_secret: CLIENT_SECRET)
token = api.get_client_access_token({scope: 'read:events'})
# TODO
// TODO
Headers
Name | Value |
---|---|
Authorization | Basic {value from step 1} |
Content-Type | application/x-www-form-urlencoded |
Parameters
Name | Type | Description |
---|---|---|
grant_type | string | Required. Value should be client_credentials |
scope | string | Space-delimited string of the scopes you would like. |
Response
{
"access_token": "pYXQiOjE0MjI1MzY0NjEsInNjb3BlIjo",
"token_type": "bearer",
"expires_in": 86400,
"scope": "read:events"
}