This flow is designed for server-side applications that need to perform operations on behalf of a specific user or customer without an interactive login session.
Your application makes a single POST request to the appropriate token endpoint found in your metadata as a client to generate a user-specific access token.
Method:
POSTEndpoint: Your Access Token URL (from your client application's metadata).
- Example Base Access Token URL for Client on behalf of a User
https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/token - Example Base Access Token URL for Client on behalf of a Customer
https://ai.egain.cloud/system/auth/TMPRODB88619984-C/oauth2/token
- Example Base Access Token URL for Client on behalf of a User
Headers:
| Header | Value |
|---|---|
Content-Type | application/x-www-form-urlencoded |
Body Parameters (application/x-www-form-urlencoded):
| Parameter | Relevance | Description |
|---|---|---|
grant_type | Required | Must be set to password. |
client_id | Required | The Client ID for your application. |
client_secret | Required | The Client Secret for your application. |
scope | Required | A space-separated list of scopes. You can include any combination of scopes assigned to your client application in a single request. This allows you to generate one multi-purpose token for your entire application, or separate tokens for specific tasks, depending on your architectural needs. |
subject_username | Conditional | The username of the user on whose behalf the token is being requested. |
subject_userid | Conditional | The unique ID of the user on whose behalf the token is being requested. |
subject_email | Conditional | The unique email address of the customer on whose behalf the token is being requested. |
User Identification and Best Practices:
- You must provide either
subject_usernameorsubject_useridto identify the user.- You must provide
subject_emailto identify the customer.- It is recommended to use
subject_usernameto ensure optimal performance, as usingsubject_useridcan increase latency.
- Example Full Token cURL for a User:
curl --location --request POST 'https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=7121f585-e403-4531-9a38-1826ebc7e7d8' \
--data-urlencode 'client_secret=*****************' \
--data-urlencode 'scope=knowledge.portalmgr.onbehalfof.read' \
--data-urlencode 'subject_username=pa'Next Steps: