Spreetail uses a simplified “Client Credentials” flow which uses a Client ID combined with a Client Secret that returns a access token. In our case, we return a JWT to be used as a Bearer Token.

This is a POST request that looks like this:

curl --request POST \
  --url 'https://{ApiDomain}/api/v0/oauth/token' \
  -H 'Content-Type: multipart/form-data' \
  -F 'GrantType=client_credentials' \
  -F 'ClientId={your client ID}' \
  -F 'ClientSecret={your client Secret} \

Which should respond with an object:

{
  "accessToken":"2YotnFZFEjr1zCsicMWpAA",
  "tokenType":"bearer",
  "expiresIn":3600
}

You can then use the “access_token” to call any secured endpoints:

curl --request GET \
  --url https://{ApiDomain}/api/v0/apiMethodCall \
  --header 'Authorization: Bearer {access_token}'