Guides
  1. Authentication

Using Machine-Level OAuth

This guide walks you through implementing the Client Credentials Flow. This is the standard method for backend services, ingestion scripts, and device synchronization that do not involve a human user.

Step 1: Request a Token

Make a direct call to the API token endpoint. Note that this endpoint is strictly for machine-to-machine authentication.

POST https://api.flocksafety.com/oauth/token

Headers:

  • Content-Type: application/x-www-form-urlencoded

Body Parameters:

  • grant_type: client_credentials
  • client_id: YOUR_CLIENT_ID
  • client_secret: YOUR_CLIENT_SECRET
  • audience: com.flocksafety.integrations (or com.flocksafety.integrations.dev for Sandbox).

Example cURL:

curl --request POST \
  --url https://api.flocksafety.com/oauth/token \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET \
  --data audience='com.flocksafety.integrations'

Step 2: Use the Token

The response will contain an access_token valid for 24 hours.

Example Response

{
  "access_token": "foobar",
  "token_type": "Bearer",
  "expires_in": 86400
}

Sending the token

The token provided to you is a Bearer token and should be included with a Authorization: Bearer {token} header on your requests to Flock APIs.

For example:

curl --request POST \
  --url https://api.flocksafety.com/api/v3/lookup 
  --header 'authorization: Bearer <access token>'
  ...

Updated about 2 months ago