Getting an Access Token

Getting the Access Token

In order to get an Access Token, make a POST request to the token end point:

Including the following three parameters inside the request's body:

  1. grant_type: Will be "client_credentials" for this case
  2. client_id: The Client ID you were provided with
  3. client_secret: The Client Secret you were also provided
  4. scope: Either "integrator.admin" or "lockHolder.admin"

Integrator Admin Scope

Here's and example of an Access Token request with the integrator.admin scope:

curl --request POST '<<api_url>>/auth/v1/token/' \
--header 'Content-Type: application/json' \
--data '{
    "grant_type": "client_credentials",
    "client_id": "**Your Client ID**",
    "client_secret": "**Your Client Secret**",
  "scope": "integrator.admin"

The response will have the following format:

  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibm", // shortened for simplicity. Your actual token will be longer
  "token_type": "bearer",
  "expires_in": 3600,
  "scope": [

Use this Access Token to create a new Lock Holder or to get a list of all the Lock Holders this integrator has access to.


Did you know?

You can avoid making unnecessary extra requests to the Token request endpoint by storing your access_token in memory to authenticate your requests.

What’s Next

The next step will be to use the Lock Holder Admin Access Token to query for or create Lock Holders.

Once you get a hold of your Lock Holder IDs, you can use them to generate an Access Token with the lockHolder.admin scope to manage its Locks, Keys, Roles, and more.