Authentication

Get Access Token v2

Copy page

This authentication method uses the Client Credentials grant type. It is intended for server-to-server integrations where no end-user login is required — your application authenticates directly using a provisioned client_id and client_secret.

This is distinct from the standard Slade360 OAuth 2.0 flow, which uses username and password credentials.

Credentials: client_id and client_secret are provisioned per integration. Contact Slade360 to obtain credentials for your environment.

---

Environments

Environment	Base URL
Development	https://identity-dev.slade360edi.com
Production	https://identity.slade360edi.com

---

Generate Access Token

Endpoint Details

Property	Value
Method	POST
Path	/realms/slade360/protocol/openid-connect/token
Dev URL	https://identity-dev.slade360edi.com/realms/slade360/protocol/openid-connect/token
Prod URL	https://identity.slade360edi.com/realms/slade360/protocol/openid-connect/token
Content-Type	application/x-www-form-urlencoded

---

Request Body

Send as application/x-www-form-urlencoded:

Field	Type	Required	Description
client_id	string	Yes	The client identifier issued to your integration.
client_secret	string	Yes	The client secret issued alongside the client_id.
grant_type	string	Yes	Must be client_credentials.

Example Request

Code
 
curl --request POST \
  --url 'https://identity-dev.slade360edi.com/realms/slade360/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=<your_client_id>' \
  --data-urlencode 'client_secret=<your_client_secret>' \
  --data-urlencode 'grant_type=client_credentials'

---

Responses

200 OK — Token Issued

Code
 
{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires_in": 1800,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "not-before-policy": 0,
    "scope": "organization:* profile email group"
}

Field	Type	Description
access_token	string	The JWT access token. Pass this as Bearer <access_token> in the Authorization header on all protected API requests.
expires_in	integer	Token lifetime in seconds (1800 = 30 minutes).
refresh_expires_in	integer	Refresh token lifetime. 0 means no refresh token is issued — re-authenticate when the current token expires.
token_type	string	Always Bearer.
not-before-policy	integer	Policy timestamp. Tokens issued before this time are rejected by the server.
scope	string	OAuth scopes granted to this token.

Token Lifetime: Tokens expire after 30 minutes. No refresh token is issued with the Client Credentials grant — your integration must request a new token on expiry using the same flow.

---

401 Unauthorized — Invalid Credentials

Code
 
{
    "error": "unauthorized_client",
    "error_description": "Invalid client or Invalid client credentials"
}

Resolution: Verify that client_id and client_secret are correct and that you are targeting the right environment (dev vs. prod).

---

Common Error Codes

Status Code	Error	Resolution
401	unauthorized_client	Invalid client_id or client_secret. Verify credentials and ensure the correct environment URL is used.
400	unsupported_grant_type	The grant_type field is missing or not set to client_credentials.
404	Not Found	The realm path is incorrect. Verify the full URL including /realms/slade360/.

---

Using the Token

Include the returned access token in the Authorization header of every API request:

Code
 
Authorization: Bearer <access_token>