Update: Authentication API V2 now accepts credentials in the request's body!

Introduction

Almost a year ago, we introduced the new version (V2) of the Authentication API (refer here).

Important Update: Authentication v1 Deprecation Extended to April 30th, 2024 – Act Now!

Among the updates, we introduced a new way to pass the client ID and secret to obtain a token.

In this new version, the credentials are passed encoded in base64 in the request's header (refer here).

We recently enabled a new option to pass your credentials and get your tokens, and that's what we'll cover in this blog post.

The New option

You can now leverage the first version approach to pass your credentials in the POST token requests body.

It works exactly as you are used to with the previous version

So you can now use one of the two available options below:

1 - With base64 encoded credentials in the header in the format Basic ${Base64(<client_id>:<client_secret>)}

2 - With credentials in the body without encoding.

Note that it needs to be one of the two options.

If you try both approaches in the same request, the API will return the error below:

{
	"error": "invalid_request",
	"error_description": "The 'client_id' is not supported in the request body when Authorization headers are present."
}

Please check the updated documentation with examples for every possible workflow and let us know if you have any trouble ;)