Quick start
Machine-to-Machine (M2M)
Machine-to-machine (M2M) applications allow you to authenticate backend services, scripts, or automation tools that need to call your APIs without a user being involved.
M2M apps in Kinde use the OAuth 2.0 client credentials flow to obtain access tokens. These tokens can then be used to securely interact with Kinde APIs or your own APIs.
You can create M2M applications for general use across your business, or scope them to a specific organization for tighter access control.
Common scenarios where M2M apps are useful:
These are not linked to any one organization and can be used to call APIs across multiple orgs. Typically used for admin-level automation or infrastructure integration.
These are tied to a single organization. Tokens issued to these apps include trusted claims like org_code, ensuring that any access is isolated to that organization’s context.
client_id and client_secret in a client credentials request
Tokens can include scopes to limit access and, if scoped to an org, will include the org_code trusted claim.
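Both halves of this flow as an added example, not Kinde's own code: a client builds the client credentials request, and an API enforces scope and org_code on claims from a token it has already verified. The token URL, the scope claim name, the allow_global parameter and the sample claim values are assumptions made for illustration.

```python
import time
import urllib.parse
import urllib.request

# Assumed placeholder endpoint; substitute your own token URL.
TOKEN_URL = "https://example.invalid/oauth2/token"


def build_token_request(client_id, client_secret, scopes=()):
    """Build (without sending) an OAuth 2.0 client credentials request."""
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    if scopes:
        form["scope"] = " ".join(scopes)
    return urllib.request.Request(
        TOKEN_URL, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def authorize_m2m(claims, route_org, required_scope, allow_global=False, now=None):
    """Check already-verified claims against the org a request targets.

    Signature, issuer and audience must be verified before this is called.
    Returns (allowed, reason).
    """
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return False, "expired"
    granted = claims.get("scope", "")  # claim name is an assumption
    if isinstance(granted, str):
        granted = granted.split()
    if required_scope not in granted:
        return False, "missing scope"
    token_org = claims.get("org_code")
    if token_org is None:
        # Token from an app not tied to one org: allow only where the
        # route owner opted in, otherwise fail closed.
        return (True, "ok") if allow_global else (False, "not org-scoped")
    if token_org != route_org:
        return False, "org mismatch"
    return True, "ok"


# Constructed sample claims, not real token contents.
ORG_TOKEN = {"exp": 2_000_000_000, "scope": "read:users", "org_code": "org_aaa111"}
GLOBAL_TOKEN = {"exp": 2_000_000_000, "scope": "read:users"}

if __name__ == "__main__":
    print(authorize_m2m(ORG_TOKEN, "org_aaa111", "read:users"))
    print(authorize_m2m(ORG_TOKEN, "org_bbb222", "read:users"))
```

Comparing org_code with the organization named in the request, rather than trusting the request alone, is what keeps a token issued for one organization from being used against another.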