Client credentials

The Client Credentials grant type uses your domain’s API Key and Secret to request an access token. You can only use this grant type from server-side to avoid exposing your API secret. You can’t refresh access tokens that you’ve obtained with the Client Credentials grant type. When your access token expires, you must issue the same request to get a new token.

Note

If you use this grant type, the access token won’t be assigned to a specific user.

To use endpoints that require a user’s ID, complete the following steps:

1. Go to the user’s Trustpilot Business profile page.
2. Copy the User ID.
3. Provide the User ID as a header or in the request body.

Request an access token

To get an access token you need your API Key and API Secret. Method: POST https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken

Headers

Authorization: Basic [BASE64_ENCODED(API_KEY:API_SECRET)]

Create a string by concatenating your key, a colon, and your secret. Base64 encode this resulting string.

Content-Type: application/x-www-form-urlencoded

Payload

Name	Type	Description
grant_type	Required string	Value must be set to client_credentials

Example

curl -X POST \
  "https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken" \
  -H 'authorization: Basic <[BASE64_ENCODED(API_KEY:API_SECRET)]>' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d grant_type=client_credentials

Response

{
    access_token: "AccessToken",
    expires_in: "359999"
}