Client credentials
The Client Credentials grant type uses your domain’s API Key and Secret to request an access token. You can only use this grant type from server-side to avoid exposing your API secret. You can’t refresh access tokens that you’ve obtained with the Client Credentials grant type. When your access token expires, you must issue the same request to get a new token.
To use endpoints that require a user’s ID, complete the following steps:
- Go to the user’s Trustpilot Business profile page.
- Copy the User ID.
- Provide the User ID as a header or in the request body.
Request an access token
Section titled “Request an access token”To get an access token you need your API Key and API Secret.
Method: POST https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken
Headers
Section titled “Headers”Authorization: Basic [BASE64_ENCODED(API_KEY:API_SECRET)]
Create a string by concatenating your key, a colon, and your secret. Base64 encode this resulting string.
Content-Type: application/x-www-form-urlencoded
Payload
Section titled “Payload”| Name | Type | Description |
|---|---|---|
| grant_type | Required string | Value must be set to client_credentials |
Example
Section titled “Example”curl -X POST \ "https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken" \ -H 'authorization: Basic <[BASE64_ENCODED(API_KEY:API_SECRET)]>' \ -H 'content-type: application/x-www-form-urlencoded' \ -d grant_type=client_credentialsResponse
Section titled “Response”{ access_token: "AccessToken", expires_in: "359999"}