## API Authentication

Our API uses the **OAuth 2.0 Client Credentials flow** for authentication. This flow is designed for machine-to-machine (M2M) communication—typically used by backend services that need to authenticate securely without user interaction.

## What is the Client Credentials Flow?

The Client Credentials flow allows a client (such as a backend service) to authenticate with the authorization server using its own credentials (`client_id` and `client_secret`) and obtain a **bearer token**. This token is then included in API requests to authorize access.

## How It Works

1. Your service sends a `POST` request to the token endpoint with its `client_id` and `client_secret`.
2. The authorization server validates the credentials and issues an access token.
3. Your service uses the bearer token in the `Authorization` header to make authenticated API requests.


## Getting an Access Token

Before you can create an access token, you will need to reach out to our [team](https://bndry.net/contact) to organise API credentials for BNDRY.

Make a `POST` request to the token endpoint:


```http
POST /oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&
client_id=YOUR_CLIENT_ID&
client_secret=YOUR_CLIENT_SECRET
```

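To do this with curl:

```bash
curl -X POST https://auth.bndry.app/realms/bndry/protocol/openid-connect/token \
  -d "grant_type=client_credentials&client_id=[client_id_here]&client_secret=[super_secrets_here]"
```

The secret in this command ends up in your shell history and is visible in the process list while curl runs, so keep this form for quick manual checks.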

## Using the Access Token

Once you have your token, send it in the `Authorization` header of each API request:


```http
Authorization: Bearer <access_token>
```