Machine to Machine

A service (also called a machine) is a non-human program that may request an access token from Crossid in order to authenticate to other services.

A good example is a microservice or a scheduled job that requires access to a protected REST API.

This how-to explains how to perform authentication programmatically, with no user interaction, so that a service can access an API.

Create a service account

A service account is a user intended to be used by services rather than people.

Let's create a service account that will be granted privileges to access our API.

  1. In the Admin console, navigate to Directory → Service Accounts.
  2. Open the Actions dropdown and click Add.
  3. Follow the modal (don't forget to make the account active).

Machine to Machine

The machine-to-machine integration enables our service account to authenticate via OAuth2.

  1. In the Admin console, navigate to Marketplace → Machine to Machine.
  2. Click the Add Integration button.
  3. Follow the wizard.

The next step requires the fields below; copy them from the Admin UI:

Your Client ID
Your Client Secret

Create an API integration

Let's create an API that our service should access.

  1. In the Admin console, navigate to Marketplace → API.
  2. Click the Add Integration button.
  3. Follow the wizard.

Grant Access

We have to grant our service account access to the API.

Authenticate

At this point, we have a service account that has write grants to access our API app. Let's authenticate.

curl -X POST https://{{tenant_domain}}/oauth2/token \
-F grant_type=client_credentials \
-F client_id={{client_id}} \
-F client_secret={{client_secret}} \
-F scope='write'

Output:

{
"access_token": "eyJhbGciOiJSUzI1NiIsImt...",
"expires_in": 3599,
"refresh_expires_in": 2592000000000000,
"scope": "write",
"token_type": "bearer"
}
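
The token request above as a Python helper that checks `token_type` and `scope` in the response and reuses the token until shortly before `expires_in` elapses. This is an added example, not Crossid code: `ServiceToken`, `post_form` and the 30-second skew are hypothetical names and values, and it assumes the token endpoint also accepts the standard form-encoded body (the curl command sends multipart via `-F`).

```python
import json
import time
import urllib.parse
import urllib.request


def post_form(url, fields):
    """Default transport: POST form-encoded fields, return the parsed JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ServiceToken:
    """Client-credentials token that is reused until shortly before it expires."""

    def __init__(self, token_url, client_id, client_secret, scope="write",
                 transport=post_form, clock=time.monotonic, skew=30):
        self._url, self._scope, self._skew = token_url, scope, skew
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._transport, self._clock = transport, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is not None and self._clock() < self._expires_at:
            return self._token  # still valid: the secret is not sent again
        body = self._transport(self._url, {"grant_type": "client_credentials",
                                           "scope": self._scope, **self._creds})
        if str(body.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type in token response")
        # A response without "scope" means the requested scope was granted as-is.
        granted = set(str(body.get("scope", self._scope)).split())
        if not set(self._scope.split()) <= granted:
            raise PermissionError("token does not carry the requested scope")
        self._token = body["access_token"]
        self._expires_at = self._clock() + int(body["expires_in"]) - self._skew
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}


# Constructed usage; the environment variable names are assumptions:
#   import os
#   st = ServiceToken(f"https://{os.environ['TENANT_DOMAIN']}/oauth2/token",
#                     os.environ["CLIENT_ID"], os.environ["CLIENT_SECRET"])
#   headers = st.auth_header()
```

Reading the client secret from the environment or a secret store keeps it out of shell history and the process list, where a secret passed as a curl argument can end up.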