{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-guides/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"Authenticate as an App","description":"Accelerate E&P application development and protect your innovation by consuming our Data and Domain APIs / Platform APIs.","lang":"en-US","meta":[{"name":"robots","content":"noindex"}],"llmstxt":{"hide":true,"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"authenticate-as-an-app","__idx":0},"children":["Authenticate as an App"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Authenticating as an App involves non-interactive, system-to-system or application-to-application interactions where one application authenticates itself to another service without user interaction."," ","Confidential clients authenticate themselves using the Client Credentials Flow. Because it is the app that is being authenticated, no end user is involved. These apps, running server-side, must be trusted with the client secret."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"use-cases","__idx":1},"children":["Use cases"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["A back-end service or daemon authenticates itself to an API. (No user is involved.)"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Common in microservices, background jobs, or server-to-server communication."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"authentication-flow-overview","__idx":2},"children":["Authentication flow overview"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Your app (the client) sends a POST request to the SLB Authenticator's token endpoint with:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["client_id"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["client_secret"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["grant_type=client_credentials"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Example request"]}]}]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"POST /v2/token HTTP/1.1\n Host: https://csi.slb.com\n Content-Type: application/x-www-form-urlencoded\n Authorization: Basic \n grant_type=client_credentials\n &scope=\n\n\ncurl --location --request POST 'https://csi.slb.com/v2/token' \\\\\n--header 'Content-Type: application/x-www-form-urlencoded' \\\\\n--header 'Authorization: Basic ' \\\\\n--data-urlencode 'grant_type=client_credentials' \\\\\n--data-urlencode 'scope='\n"},"children":[]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":""},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Request Parameter"]}]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":""},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Presence"]}]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":""},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Description"]}]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["grant_type"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["REQUIRED"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["For Client Credentials Grant, this value ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["must"]}," be ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_credentials"]},"."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["scope"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["OPTIONAL"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["If provided, must be a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["space-delimited"]}," list of client_ids of other clients that this client wishes to access with the access_token received from this grant. The \"aud\" claim in the access_token will contain these client_ids for validation."]}]}]}]}]}]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The authorization server validates the credentials."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If valid, it returns an access token."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Example Response"]}]}]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"HTTP/1.1 200 OK\nContent-Type: application/json;charset=UTF-8\nCache-Control: no-store\nPragma: no-cache\n{\n \"access_token\":\"ACCESS_TOKEN\",\n \"token_type\":\"Bearer\",\n \"expires_in\":3600,\n \"scope\":{\n \"valid\":[\"valid clients list\"],\n \"invalid\":[\"invalid clients list\"]\n }\n}\n"},"children":[]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The scope field in the response is only returned when the requested scopes contain some non existent or unauthorized client_ids."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The scope.valid field contains the authorized and valid scopes that were presented in the request. The valid scopes are also added to the aud claim of the access_token."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The scope.invalid field contains the unauthorized or nonexistent scopes that were presented in the request."]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Your app uses this token to call the cloud APIs."]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"sample-application-for-authenticating-as-an-app","__idx":3},"children":["Sample application for authenticating as an app"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/cloud-apis/create-first-app/python-webapp-ccg-sample"},"children":["Sample python application"]}," (Obtain an Access token for Confidential clients with an ACF grant)"]}]},"headings":[{"value":"Authenticate as an App","id":"authenticate-as-an-app","depth":1},{"value":"Use cases","id":"use-cases","depth":2},{"value":"Authentication flow overview","id":"authentication-flow-overview","depth":2},{"value":"Sample application for authenticating as an app","id":"sample-application-for-authenticating-as-an-app","depth":2}],"frontmatter":{"seo":{"title":"Authenticate as an App"}},"lastModified":"2025-06-05T20:49:22.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/guides/cloud-apis/create-first-app/authenticating-as-app","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}