Generate your OAuth Access Token
How to Obtain an OAuth2 Client_Credentials Access Token for Michelin APIs
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access in the form of tokens to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Things you should know before generating an access token for Michelin APIs using API Client:
Endpoint to generate OAuth token?
Prod Server: https://api.michelin.com/idp/v1/internal/oauth/token/accesstoken
Which Grant Type is used on OAuth?
Currently, the supported grant type for published APIs with OAuth2 is client_credentials, and is typically used when the app needs to access the backend service to do its work. The service is otherwise opaque to the end user. With this grant type, an app can receive an access token by presenting its client ID and client secret keys to the authorization server. The Grant type is sent as a Query parameter for the OAuth endpoint.
https://api.michelin.com/idp/v1/internal/oauth/token/accesstoken?grant_type=client_credentials
Where to find and how to send the Client ID & Secret?
The Client ID and Secret can be found in the App you created when subscribing to the API Product. Details will be available in My Profile's -> My Apps.
Below details must be sent in ‘Request body – form url encoded’ format for testing the OAuth endpoint.
client_id : xyz [value to obtained from KEY of app]
client_secret: abc [value to obtained from SECRET of app]
What is Scope? Is it mandatory to provide the scope while generating an access token?
In OAuth, a scope is a parameter that defines the specific permissions or actions that an access token can have. It specifies what resources or data the client application can access on behalf of the user.
Whether it is mandatory to provide a scope while generating an access token depends on the OAuth implementation and the specific requirements of the API provider. Some APIs may require a scope to be specified to limit the access rights of the access token. In such cases, providing a valid scope is mandatory. However, there may be scenarios where the API provider does not enforce the use of scopes, and in those cases, providing a scope may be optional. We recommend you refer to the API documentation (available in the Specification tab of each API Product) to determine whether providing a scope is mandatory or optional in your specific case.
We are providing you the option of Generating an Access Token using our Oauth API Specification below, simply add Client ID, Client Secret, and Scope for your respective API.
Free feel to Contact us for any queries.