Start integrating with ONEiO for free!

ONEiO Inbound OAuth 2.0


ONEiO REST receiver supports OAuth 2.0 with the client credentials flow. For that purpose, there is a dedicated token resource and a receiver URI for each of the environments:

Token resource URI:

  • QA:
  • PROD:

REST Receiver URI:

  • QA:
  • PROD:

How it works

Here is a flow diagram of the OAuth 2.0 authentication mechanism.



The information needs to be sent in an x-www-form-urlencoded format and should contain grant_type, client_id, and client_secret keys.

The value of the grant_type is always client_credentials. Key values of client_id and client_secret are equal to the username and the password of the corresponding endpoint in ONEiO.


  curl --location --request POST ''\
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \ 
  --data-urlencode 'client_id=username' \ 
  --data-urlencode 'client_secret=password'

In response ONEiO will return a token that expires one hour from that moment:

  "access_token": "TOKEN GOES HERE", 
  "scope": "ROLE_INTEGRATION", 
  "token_type": "Bearer", 
  "expires_in": 3599 

All the consequent requests to the REST receiver should then use the value of the received token in the Authorization header with the prefix Bearer.  

  curl --location --request POST ''\
  --header 'Authorization: Bearer TOKEN GOES HERE'\ 
  --header 'Content-Type: application/json'\ 
  --data-raw '{"id": "123456789"}'
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.