M2M overview
Machine-to-Machine (M2M)
This guide shows you how to create a Machine-to-Machine (M2M) application in Kinde, authorize it for an API, and use the client credentials flow to get a token and make a secure API request.
You can skip this step if you already have an API registered in Kinde.
For more information, see Register and manage APIs.
You need to authorize the API or else token requests will be rejected.
Complete this step if your API uses scopes to define permissions.
read:users, write:flags.
For more information about how to assign scopes to an API, see Define and manage API scopes.
You can test the app in one of two ways:
curl --request POST 'https://<your-subdomain>.kinde.com/oauth2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=your-client-id' \
  --data-urlencode 'client_secret=your-client-secret' \
  --data-urlencode 'audience=<your-api-audience>' \
  --data-urlencode 'scope=read:users write:flags'
The response will include a bearer token you can use in requests:
{
  "access_token": "<token>",
  "token_type": "Bearer",
  "expires_in": 3600
}
Include the token in the Authorization header:
curl https://your-subdomain.kinde.com/v1/organizations \
  -H "Authorization: Bearer <token>"
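The same token request and Authorization header from a service, as an added example that is not Kinde's own code: it caches the token and requests a new one shortly before expires_in runs out, so the client secret is sent only when needed. The class name, the 60-second refresh margin and the injectable post/clock parameters are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request


def http_post_form(url, fields):
    """Default transport: POST form-encoded fields and return the parsed JSON."""
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class M2MTokenClient:
    """Hypothetical helper: fetches and caches a client-credentials token."""

    REFRESH_MARGIN = 60  # seconds before expiry at which a new token is requested

    def __init__(self, subdomain, client_id, client_secret, audience,
                 scope="", post=http_post_form, clock=time.monotonic):
        # Pass client_secret in from the environment or a secret store,
        # never from a literal in source control.
        self.url = f"https://{subdomain}.kinde.com/oauth2/token"
        self.fields = {"grant_type": "client_credentials", "client_id": client_id,
                       "client_secret": client_secret, "audience": audience}
        if scope:  # only sent when the API defines scopes
            self.fields["scope"] = scope
        self._post, self._clock = post, clock
        self._token, self._expires_at = None, 0.0

    def token(self):
        """Return a cached token, requesting a new one when close to expiry."""
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._post(self.url, self.fields)
            if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")
            lifetime = max(int(resp.get("expires_in", 0)) - self.REFRESH_MARGIN, 0)
            self._token, self._expires_at = resp["access_token"], self._clock() + lifetime
        return self._token

    def auth_header(self):
        """Header to attach to API requests, as in the curl call above."""
        return {"Authorization": f"Bearer {self.token()}"}
```
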