
Client credentials

The Client Credentials grant type uses your domain’s API Key and Secret to request an access token. Use this grant type only from server-side code, so that your API Secret is never exposed to clients. Access tokens obtained with the Client Credentials grant type can’t be refreshed. When your access token expires, issue the same request again to get a new token.

To use endpoints that require a user’s ID, complete the following steps:

  1. Go to the user’s Trustpilot Business profile page.
  2. Copy the User ID.
  3. Provide the User ID as a header or in the request body.

Request an access token

To get an access token, you need your API Key and API Secret.

Method: POST https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken

Headers

Authorization: Basic [BASE64_ENCODED(API_KEY:API_SECRET)]

Create a string by concatenating your key, a colon, and your secret. Base64 encode this resulting string.

Content-Type: application/x-www-form-urlencoded

Payload

Name | Type | Description
grant_type | Required string | Value must be set to client_credentials

Example

curl -X POST \
"https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken" \
-H 'authorization: Basic <[BASE64_ENCODED(API_KEY:API_SECRET)]>' \
-H 'content-type: application/x-www-form-urlencoded' \
-d grant_type=client_credentials

Response

{
  "access_token": "AccessToken",
  "expires_in": "359999"
}
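
The following Python client is an added example, not Trustpilot's code: it builds the Basic header as described above, requests a token, and, because these tokens can't be refreshed, repeats the same request once the cached token is near expiry. The TokenProvider class, the 60-second skew, and reading expires_in as seconds (the usual OAuth 2.0 convention) are assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = ("https://api.trustpilot.com/v1/oauth/"
             "oauth-business-users-for-applications/accesstoken")


def basic_auth_header(api_key, api_secret):
    """Return 'Basic ' + Base64(API_KEY:API_SECRET)."""
    raw = f"{api_key}:{api_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_post(url, headers, body):
    """POST over HTTPS and decode the JSON response body."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


class TokenProvider:
    """Hypothetical helper: caches the token in memory and re-requests it
    shortly before expiry, since this grant type has no refresh token."""

    def __init__(self, api_key, api_secret, post=http_post,
                 clock=time.monotonic, skew=60):
        self._auth = basic_auth_header(api_key, api_secret)
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            data = self._post(TOKEN_URL, {
                "Authorization": self._auth,
                "Content-Type": "application/x-www-form-urlencoded",
            }, urllib.parse.urlencode(
                {"grant_type": "client_credentials"}).encode("ascii"))
            self._token = data["access_token"]
            # Assumption: expires_in counts seconds; the sample response
            # gives it as a string, so convert before doing arithmetic.
            self._expires_at = now + int(data["expires_in"]) - self._skew
        return self._token
```

Load the key and secret from the server's environment or secret store rather than from source code, and keep the Authorization header and the returned token out of logs.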