Client Credentials Grant

Implement secure machine-to-machine authentication.

The Client Credentials Grant Type is not supported for partner integrations

If you are a Bipsync Partner developing an integration, please see the Onboarding for Partners documentation, which describes the supported authentication flows.

The Client Credentials Grant is best suited to machine-to-machine type integrations, when your application needs to make API requests as itself rather than as a user. This flow does not involve any redirects or user interfaces.

Access tokens issued with the Client Credentials Grant have much broader access than those issued to users with the Authorization Code Grant. They allow the bearer to access all content within a team, including private notes. If your application only requires access to content within the scope of a user, consider using the Authorization Code Grant.

Obtain an Access Token

1. Make a request for an access token

To obtain an access token you need to make a server-side request to POST https://{client}-api.bipsync.com/v1/oauth/token. You will need to include the following parameters in the request body encoded as form data or JSON:

| Parameter name | Type | Description |
| --- | --- | --- |
| client_id | string | Required. The client ID assigned to your application. |
| client_secret | string | Required. The client secret assigned to your application. |
| grant_type | string | Required. Use client_credentials as the value. |
| scope | string | Required. Space separated list of scopes. You must include a team scope in the format team_{id}. This is used to determine which team your access token is scoped to. |

To allow the token to access team resources, you will need to include a special team scope. In the scope parameter include a value consisting of team_ joined with the team ID, e.g., team_65df73340142feec34d7d6ee. If this is omitted then the token will not be granted access to any team resources.


2. Handle the token response

If the request is successful you should receive an HTTP 200 status code and a JSON response in the following format:

{
  "token_type": "bearer",
  "expires_in": 3600,
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY..."
}

The access token will expire after 60 minutes. The client credentials grant type will not return a refresh token.
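
The two steps above, combined into a small token helper. This is an added example, not Bipsync's own code: it checks for the team scope before sending anything, caches the token, and requests a new one shortly before the 60-minute expiry because no refresh token is issued. The names TokenProvider and post_json, the 60-second renewal margin and the pattern used to validate {client} are assumptions.

```python
import json
import re
import time
import urllib.request


def post_json(url, payload, timeout=10):
    """POST a JSON body and return the decoded JSON reply (raises on non-2xx)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


class TokenProvider:
    """Hypothetical helper: fetches and caches a client-credentials token."""

    def __init__(self, client, client_id, client_secret, scope,
                 post=post_json, clock=time.monotonic, skew=60):
        # Assumed format for {client}; a strict check keeps the secret from
        # being sent to a host built from unexpected input.
        if not re.fullmatch(r"[a-z0-9-]+", client):
            raise ValueError("invalid client subdomain")
        # Without a team_{id} scope the token gets no team resources.
        if not any(s.startswith("team_") and len(s) > 5 for s in scope.split()):
            raise ValueError("scope must include team_{id}")
        self._url = f"https://{client}-api.bipsync.com/v1/oauth/token"
        self._form = {"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "client_credentials", "scope": scope}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def __repr__(self):  # never expose the secret in logs or tracebacks
        return f"TokenProvider(url={self._url!r}, client_id={self._form['client_id']!r})"

    def token(self):
        """Return a cached token, requesting a new one shortly before expiry."""
        if self._token is None or self._clock() >= self._expires_at:
            body = self._post(self._url, self._form)
            if str(body.get("token_type", "")).lower() != "bearer" \
                    or not body.get("access_token"):
                raise RuntimeError("unexpected token response")
            # No refresh token is issued, so renewal is a fresh request.
            lifetime = int(body.get("expires_in", 0))
            self._expires_at = self._clock() + max(lifetime - self._skew, 0)
            self._token = body["access_token"]
        return self._token
```

Supply client_secret from a secrets store or environment variable rather than source code, since the resulting token can read all content within the team, including private notes.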


What’s Next

Learn more about OAuth Scopes.