{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"On-Behalf-Of Flow","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"on-behalf-of-flow","__idx":0},"children":["On-Behalf-Of Flow"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This flow is designed for server-side applications that need to perform operations on behalf of a specific user or customer without an interactive login session."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"_","__idx":1},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Generate an On-Behalf-Of Access Token"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Your application makes a single ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST"]}," request to the appropriate token endpoint found in your ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/metadata"},"children":["metadata"]}," as a client to generate a user-specific access token."]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Method"]},": ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST"]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Endpoint"]},": Your ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Access Token URL"]}," (from your client application's metadata)."]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Example Base Access Token URL for Client on behalf of a User"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/token\n"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Example Base Access Token URL for Client on behalf of a Customer"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"https://ai.egain.cloud/system/auth/TMPRODB88619984-C/oauth2/token\n"},"children":[]}]}]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Headers:"]}]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"align":"left","data-label":"Header"},"children":["Header"]},{"$$mdtype":"Tag","name":"th","attributes":{"align":"left","data-label":"Value"},"children":["Value"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Content-Type"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["application/x-www-form-urlencoded"]}]}]}]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Body Parameters (",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["application/x-www-form-urlencoded"]},"):"]}]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"align":"left","data-label":"Parameter"},"children":["Parameter"]},{"$$mdtype":"Tag","name":"th","attributes":{"align":"left","data-label":"Relevance"},"children":["Relevance"]},{"$$mdtype":"Tag","name":"th","attributes":{"align":"left","data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["grant_type"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Required"]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Must be set to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["password"]},"."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_id"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Required"]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["The Client ID for your application."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_secret"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Required"]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["The Client Secret for your application."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["scope"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["Required"]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["A space-separated list of scopes. You can include any combination of scopes assigned to your client application in a single request. This allows you to generate one multi-purpose token for your entire application, or separate tokens for specific tasks, depending on your architectural needs."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject_username"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Conditional"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["The username of the user on whose behalf the token is being requested."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject_userid"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Conditional"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["The unique ID of the user on whose behalf the token is being requested."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject_email"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Conditional"]}]},{"$$mdtype":"Tag","name":"td","attributes":{"align":"left"},"children":["The unique email address of the customer on whose behalf the token is being requested."]}]}]}]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["User Identification and Best Practices:"]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You must provide either ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject_username"]}," or ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject_userid"]}," to identify the user."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["You must provide ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject_email"]}," to identify the customer."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["It is ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["recommended to use ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject_username"]}]}," to ensure optimal performance, as using ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject_userid"]}," can increase latency."]}]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Example Full Token cURL for a User:"]}]}]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"curl","header":{"controls":{"copy":{}}},"source":"curl --location --request POST 'https://ai.egain.cloud/system/auth/TMPRODB88619984-U/oauth2/token' \\\n--header 'Content-Type: application/x-www-form-urlencoded' \\\n--data-urlencode 'grant_type=password' \\\n--data-urlencode 'client_id=7121f585-e403-4531-9a38-1826ebc7e7d8' \\\n--data-urlencode 'client_secret=*****************' \\\n--data-urlencode 'scope=knowledge.portalmgr.onbehalfof.read' \\\n--data-urlencode 'subject_username=pa'\n","lang":"curl"},"children":[]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Next Steps:"]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/developer-portal/guides/authentication/making-requests"},"children":["Make Authenticated Requests"]}]}]}]},"headings":[{"value":"On-Behalf-Of Flow","id":"on-behalf-of-flow","depth":1},{"value":"","id":"_","depth":2}],"frontmatter":{"seo":{"title":"On-Behalf-Of Flow"}},"lastModified":"2026-05-02T04:27:32.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/developer-portal/guides/authentication/on-behalf-of-flow","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}