Skip to content

Use a service account

To use the resources of the NL Flow backoffice API you need to authenticate with the credentials of an active service account to obtain the OAuth2 token that must then be included in each request.

To authenticate and get the token the access token resource must be requested with the POST verb and basic authentication set with the client ID and client secret of the service account used as the username and the password respectively. In addition, the request payload must have this content:

  • Key: grant_type
  • Value: client_credentials

The URL of the access token resource and the client ID of the service account are information that can be easily obtained, read the article dedicated to the topic to find out how.
The client secret, instead, is not accessible in the NL Flow Web application, so it must be retrieved it from the safe place where it was stored when creating the service account or editing the service account to regenerate it.

If authentication is successful, the access token resource is returned with status 200. Its content is JSON in which the OAuth2 token is the value of the access-token property. The token thus obtained must then be used in the Authorization header of each request to the backoffice API according to the bearer token scheme.