Accessing the Token

Overview

To retrieve a bearer token for use with Assessment Manager APIs, use the token endpoint with grant_type=client_credentials from the OAuth 2.0 specification.

What you can do
Obtain an OAuth 2.0 bearer token using client credentials
Use the returned access_token as a Bearer token in the Authorization header for all subsequent API calls

📋 Note: Credentials can be passed as URL parameters (client_id and client_secret) or as a Basic Authorization header where client_id is the username and client_secret is the password.

Endpoint Reference
Method
POST
URL
https://api.trustarc.com/api/auth/oauth/token
URL Parameters
Name Value Description
client_id String The client application credentials. Can also be supplied as a Basic Authorization header, where client_id is the username and client_secret is the password.
client_secret String
grant_type String The OAuth 2.0 grant_type method. Value must be client_credentials.
Sample curl Request
curl -X POST \
  -d 'grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>' \
  'https://api.trustarc.com/api/auth/oauth/token'
Responses
Success Response
Code: 200 OK
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 21599,
  "scope": "openid profile email",
  "accountId": "bg4sea4f-b9c9-48e7-b13a-d3e7dd2cdf44",
  "firstName": "User",
  "lastName": "Name",
  "jobTitle": "LegalPrivacyCompliance",
  "userId": "9d2eec10-5137-4592-bdcc-5d31bfc3f0dd",
  "email": "user.name@example.com"
}
Error Responses
Code: 400 Bad Request
Code: 401 Unauthorized
TrustArc  ·  Assessment Manager API — Accessing the Token  ·  support.trustarc.com