Client credentials workflow - Intergraph Smart Completions - Intergraph Smart Completions Update 18 - Customization & Programming - Hexagon

Intergraph Smart Completions Smart API Programmer's Getting Started Guide (5.3.18)

Intergraph Smart Completions
Search by Category
Customization & Programming
Smart Completions Version

The client credentials workflow is generally used for server-to-server interactions that run in the background. This section presents an example access token request using the client credentials workflow.

Get set up

Make sure your client is registered, and has the client credentials, which are the Client ID and Client Secret.

SHARED Tip If you do not have a client yet, you can download and set up a client like Postman.

Request an access token from the authorization server

Using the client credentials, request an access token from the authorization server:

POST <Authorization_Server_Token_URL>/v1/token

To do so, specify the following information in the request.

Request Section

Information to Specify

Key-Value Pair to Use

Authorization Header

Client credentials

"authorization": "basic <Base64 encoded credentials>"

The Basic authorization type requires client credentials to be encoded in Base64.

Request Header

Content type

"content_type": "application/x-www-form-urlencoded"

Request Body

Grant type

"grant_type": "client_credentials"


"scope": "ingr.api"


The Base64 encoding scheme is used to encode binary data to when it is stored or transmitted. Encoding the data ensures that it is not modified or corrupted during transport.

You can use any programming language to encode the client credentials.

Get the access token from the response

The authorization server response will include the access token, for example:


"token_type": "Bearer",

"expires_in": 3600,

"access_token": "eyJhbG[...]1LQ",

"scope": "ingr.api"


Use the access token

Send a request from your client to the API, specifying the access token in the authorization header. For example:

"authorization": "Bearer <access_token>"

An access token is valid for one hour, after which it expires. To get a new token, send a new request to the authorization server.