# Client Credentials

Authentication with client Credentials is by far the most common for clients. Aritma Id saves only the hash (like SHA256 and SHA512)
and requires the clear text from the client when authenticating.

## Token request

Fetch a  usable access token. This is done using the
`/connect/token` endpoint. In short you send a token request with `grant_type=client_credentials` together with the
supplied `client_id` and `client_secret`,
and the `scope` you want to request.

### POST /connect/token


```HTTP
POST https://id.aritma.io/{tenant}/connect/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

  client_id=CLIENT_ID&
  client_secret=CLIENT_SECRET&

  grant_type=client_credentials&
  scope=SCOPE
```


```HTTP Request
POST https://id.aritma.io/{tenant}/connect/token HTTP/1.1
Content-type: application/x-www-form-urlencoded
Authorization: Basic xxxxx

  grant_type=client_credentials&
  scope=SCOPE
```


```HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
{
  "access_token":"eyJz93a...k4laUWw",
  "token_type":"Bearer",
  "expires_in":86400,
  "scope":"SCOPE"
}
```

| Parameter | Description |
|  --- | --- |
| `grant_type` (required) | Denotes the flow you are using. For Client Credentials use `client_credentials`. |
| `client_id` (required) | Your application's Client ID. |
| `client_secret` (required) | Your application's Client Secret |
| `scope` (required) | The scope for the access token, can't be an OpenID scope. |