Client Credentials

Documentation under "General" for WP OAuth Server

Example Request

Request examples use line breaks for the body content to make it easier to read. The authorization header is composed of a base64 encoded value for “client_id:client_secret“.

POST /?oauth=token HTTP/1.1

Authorization: Basic cXhaNmZDb09NajRjTks4U1hSSGE1bnVnNnZuc3dsRldTRjM3aHNXMzpMMWZ6TG9zSmY5VGx3bkNDVFo1cGtLbWRxcWtIU2hLRWkwZDRvRk5F
Content-Type: application/x-www-form-urlencoded

Body Request

A successful response will contain the following.

  "access_token": "apvwxkbcxrnm9o92wmp4yjlbmoajeycfbn4ws6nx",
  "expires_in": 9087654,
  "token_type": "Bearer",
  "scope": "basic",
  "refresh_token": "z8wpp3pshgled4d81b4z8dmlc6ftwdscpgktyh7u"



Some servers running CGI can not process authorization headers. In this case you can pass the parameters “client_id” and “client_secret” in the body request.

POST /?oauth=token HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Body Request

By default any access token obtained using client credentials will no have a user assigned to it. This will result in an access token but not being able to use it to make authorized requests. If you do want to use a client id for client credentials, you should also create a WordPress user and assign it to the client in the editor. The user you create for the client id, should only have the capabilities you would like your application to have.

Search Documentation

General Articles

Below is a list of "General" documentation articles.

OAuth Server 3.7.3

WP OAuth Server Pro allows for Unlimited clients and multiple grant types.