Skip to content

Client credentials

The Client Credentials grant type uses your domain’s API Key and Secret to request an access token. You can only use this grant type from server-side to avoid exposing your API secret. You can’t refresh access tokens that you’ve obtained with the Client Credentials grant type. When your access token expires, you must issue the same request to get a new token.

To use endpoints that require a user’s ID, complete the following steps:

  1. Go to the user’s Trustpilot Business profile page.
  2. Copy the User ID.
  3. Provide the User ID as a header or in the request body.

To get an access token you need your API Key and API Secret. Method: POST https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken

Authorization: Basic [BASE64_ENCODED(API_KEY:API_SECRET)]

Create a string by concatenating your key, a colon, and your secret. Base64 encode this resulting string.

Content-Type: application/x-www-form-urlencoded

NameTypeDescription
grant_typeRequired stringValue must be set to client_credentials
curl -X POST \
"https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken" \
-H 'authorization: Basic <[BASE64_ENCODED(API_KEY:API_SECRET)]>' \
-H 'content-type: application/x-www-form-urlencoded' \
-d grant_type=client_credentials
{
access_token: "AccessToken",
expires_in: "359999"
}