# Client Credentials Flow (for Server-to-Server and Anonymous Customers)

This flow is used for machine-to-machine communication where the application authenticates itself directly without a user present.

## **For a Client App (Server-to-Server)**

This is the standard flow for backend services.

* **Method**: `POST`
* **Endpoint**: Your **Token URL** (from your client application's metadata).
  * **Example Token URL for a Client App:**

```
https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/token
```


**Headers:**

| Header | Value |
|  --- | --- |
| `Content-Type` | `application/x-www-form-urlencoded` |


**Body Parameters (`application/x-www-form-urlencoded`):**

| Parameter | Relevance | Description |
|  --- | --- | --- |
| `grant_type` | **Required** | Must be set to `client_credentials`. |
| `scope` | **Required** | A space-separated list of scopes. You can include any combination of scopes assigned to your client application in a single request. This allows you to generate one multi-purpose token for your entire application, or separate tokens for specific tasks, depending on your architectural needs. |
| `client_id` | **Required** | The Client ID for your application. |
| `client_secret` | **Required** | The Client Secret for your application. |


* **Example Full Token cURL for a Client App:**



```curl
curl --location --request POST 'https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=knowledge.portalmgr.manage' \
--data-urlencode 'client_id=b4b2c1d9-4c19-4e8a-8e7a-9a0b1c2d3e4f' \
--data-urlencode 'client_secret=hh2Y0UE8FmaFBBawzMUua1OB8Ks4QWHNUyhDyZj1X7c'
```

## **For an Anonymous Customer**

This flow is a specific implementation of client credentials to get a token for an anonymous customer.

* **Method**: `POST`
* **Endpoint**: `https://api.ai.egain.cloud/core/authmgr/v3/oauth2/v2.0/anonymous/token?user_type=customer&domain_hint=<TENANT_ID>`
  * **Example Token URL for an Anonymous Customer:**

```
https://api.ai.egain.cloud/core/authmgr/v3/oauth2/v2.0/anonymous/token?user_type=customer&domain_hint=TMPRODB88619984
```


**Query Parameters:**

| Parameter | Relevance | Description |
|  --- | --- | --- |
| `user_type` | **Required** | Must be set to `customer`. |
| `domain_hint` | **Required** | Must be set to your environment's tenant ID. This is the ID that is present in all authorization and access token URLs from your client application's metadata, for example `TMPRODB88619984` in `https://ai.egain.cloud/system/auth/TMPRODB88619984-C/oauth2/token`. |


**Body Parameters (`application/x-www-form-urlencoded`):**

| Parameter | Relevance | Description |
|  --- | --- | --- |
| `grant_type` | **Required** | Must be set to `client_credentials`. |
| `client_id` | **Required** | The Client ID for your application. |
| `client_secret` | **Required** | The Client Secret for your application. |
| `scope` | **Required** | A space-separated list of application permissions required for anonymous access. For an anonymous customer, each scope must be prefixed with `https://api.ai.egain.cloud/auth/`, for example `https://api.ai.egain.cloud/auth/knowledge.portalmgr.read`. |


* **Example Full Token cURL for an Anonymous Customer**



```curl
curl --location --request POST 'https://api.ai.egain.cloud/core/authmgr/v3/oauth2/v2.0/anonymous/token?user_type=customer&domain_hint=TMPRODB88619984' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=************************************' \
--data-urlencode 'client_secret=************************************' \
--data-urlencode 'scope=https://api.ai.egain.cloud/auth/core.aiservices.read https://api.ai.egain.cloud/auth/core.aiservices.manage'
```
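
The anonymous-customer request above, built from a client app's Token URL and bare scope names. This is an added example, not eGain's own code: the helper names and the `EGAIN_CLIENT_ID` / `EGAIN_CLIENT_SECRET` variables are hypothetical, and deriving the tenant ID by dropping the `-U`/`-C` suffix is an assumption based on the sample URLs on this page. The secret is read from the environment and handed to curl on stdin, so it stays out of the process argument list and shell history.

```bash
# Added example; helper names and EGAIN_* variables are hypothetical.
AUTH_SCOPE_PREFIX='https://api.ai.egain.cloud/auth/'
ANON_ENDPOINT='https://api.ai.egain.cloud/core/authmgr/v3/oauth2/v2.0/anonymous/token'

# Tenant ID: the path segment after /system/auth/ without its "-U"/"-C" style
# suffix (assumption drawn from the sample Token URLs on this page).
tenant_from_token_url() {
  local seg
  seg=${1#*/system/auth/}
  [ "$seg" != "$1" ] || return 1        # not a Token URL of the expected shape
  seg=${seg%%/*}
  printf '%s\n' "${seg%-*}"
}

# Prefix each bare scope for the anonymous flow; keep already-prefixed scopes.
anon_scopes() {
  local out s
  out=''
  for s in $1; do
    case $s in
      "$AUTH_SCOPE_PREFIX"*) ;;
      *) s=$AUTH_SCOPE_PREFIX$s ;;
    esac
    out=${out:+$out }$s
  done
  printf '%s\n' "$out"
}

# Anonymous endpoint with user_type and domain_hint filled in.
anon_token_url() {
  local tenant
  tenant=$(tenant_from_token_url "$1") || return 1
  printf '%s?user_type=customer&domain_hint=%s\n' "$ANON_ENDPOINT" "$tenant"
}

# usage: request_anon_token <client-app Token URL> "<space-separated scopes>"
request_anon_token() {
  local url scopes
  [ -n "${EGAIN_CLIENT_ID:-}" ] && [ -n "${EGAIN_CLIENT_SECRET:-}" ] ||
    { echo 'set EGAIN_CLIENT_ID and EGAIN_CLIENT_SECRET' >&2; return 2; }
  url=$(anon_token_url "$1") || return 1
  scopes=$(anon_scopes "$2")
  # "client_secret@-" makes curl read the value from stdin and URL-encode it.
  printf '%s' "$EGAIN_CLIENT_SECRET" |
    curl --silent --show-error --fail --request POST "$url" \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'grant_type=client_credentials' \
      --data-urlencode "client_id=$EGAIN_CLIENT_ID" \
      --data-urlencode "scope=$scopes" \
      --data-urlencode 'client_secret@-'
}
```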

**Next Steps:**

- [Make Authenticated Requests](/developer-portal/guides/authentication/making-requests)