Client credentials
The Client Credentials grant type uses your domain’s API Key and Secret to request an access token. You can only use this grant type from server-side to avoid exposing your API secret. You can’t refresh access tokens that you’ve obtained with the Client Credentials grant type. When your access token expires, you must issue the same request to get a new token.
To use endpoints that require a user’s ID, complete the following steps:
- Go to the user’s Trustpilot Business profile page.
- Copy the User ID.
- Provide the User ID as a header or in the request body.
Request an access token
To get an access token you need your API Key and API Secret.
Method: POST
https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken
Headers
Authorization: Basic [BASE64_ENCODED(API_KEY:API_SECRET)]
Create a string by concatenating your key, a colon, and your secret. Base64 encode this resulting string.
Content-Type: application/x-www-form-urlencoded
Payload
Name | Type | Description |
---|---|---|
grant_type | Required string | Value must be set to client_credentials |
Example
curl -X POST \ "https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken" \ -H 'authorization: Basic <[BASE64_ENCODED(API_KEY:API_SECRET)]>' \ -H 'content-type: application/x-www-form-urlencoded' \ -d grant_type=client_credentials
Response
{ access_token: "AccessToken", expires_in: "359999"}