OAuth 2.0 Client Credentials Grant Integration Guide
This document provides guidelines for third-party applications to integrate with our software using the OAuth 2.0 Client Credentials Grant Type. This authentication method allows secure access to APIs without user interaction, ideal for server-to-server communication.
Obtaining Client Credentials
To begin integration, third-party providers must retrieve their Client ID and Client Secret from the System Access Token menu in the XeopleRecruit application. Follow these steps:
- Log in to the XeopleRecruit application.
- Click on your profile picture, select Administrator, and then choose System Access Token from the menu.
- Generate and retrieve your Client ID and Client Secret.
- Securely store these credentials and do not share them publicly.
Authentication Flow
Once you have your Client ID and Client Secret, follow these steps to authenticate:
- Make a POST request to the token endpoint. Include the following parameters in the request body:
  - client_id (Provided in System Access Token menu)
  - client_secret (Provided in System Access Token menu)
  - grant_type=client_credentials
  - scope (Optional: Define the required API scopes)
- A successful response will include an access token.
- Use this token for authenticating API requests.
- Include the token in the Authorization header for all API requests.
Token Expiry and Renewal
- Access tokens are valid for a limited time.
- When expired, request a new token using the same authentication process.
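The authentication and renewal steps above, as an added example that is not XeopleRecruit's own code: a small client that requests a token, caches it, and requests a new one shortly before expiry. The form-encoded request body, the 60-second renewal margin, and the names TokenCache, TokenError and http_post_form are assumptions of this example.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.xeople.com/oauth/token"  # token endpoint given in this guide

class TokenError(Exception):
    """Raised when the token request fails or the response is unusable."""

def http_post_form(url, fields):
    # Assumption: form-encoded body, the standard OAuth 2.0 token request encoding.
    if not url.startswith("https://"):
        raise TokenError("refusing to send client_secret over a non-HTTPS URL")
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as exc:
        # Report only the status; the request body holds the secret and is never logged.
        raise TokenError(f"token endpoint returned HTTP {exc.code}") from None
    except (urllib.error.URLError, ValueError) as exc:
        raise TokenError(f"token request failed: {type(exc).__name__}") from None

class TokenCache:
    """Holds one access token and renews it `skew` seconds before it expires."""
    def __init__(self, client_id, client_secret, scope=None,
                 post=http_post_form, clock=time.monotonic, skew=60):
        self._fields = {"grant_type": "client_credentials",
                        "client_id": client_id, "client_secret": client_secret}
        if scope:  # scope is optional, so it is sent only when set
            self._fields["scope"] = scope
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Return the Authorization header, requesting a new token when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            body = self._post(TOKEN_URL, self._fields)
            try:
                if body["token_type"].lower() != "bearer" or not body["access_token"]:
                    raise ValueError("not a bearer token")
                ttl = int(body["expires_in"])
            except (KeyError, TypeError, ValueError, AttributeError):
                raise TokenError("unexpected token response") from None
            self._token = body["access_token"]
            self._expires_at = self._clock() + max(ttl - self._skew, 0)
        return {"Authorization": f"Bearer {self._token}"}
```

Pass the Client ID and Client Secret in from server-side configuration, and merge the returned header into each API request.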
Security Best Practices
- Store the Client Secret securely and never expose it in front-end code.
- Use HTTPS for all API calls.
- Implement proper error handling for authentication failures.
Support
For any issues or clarifications, reach out to support@xeople with your Client ID and issue details.
Token endpoint:
https://auth.xeople.com/oauth/token
Example token response:
{
  "access_token": "YOUR_ACCESS_TOKEN",
  "token_type": "Bearer",
  "expires_in": 3600
}
Authorization header for API requests:
Authorization: Bearer YOUR_ACCESS_TOKEN