# OAuth Authentication

🔒 Premium Feature

The OAuth 2.0 (machine-to-machine) and SSO authentication flows are premium features that must be enabled by the Verifiable team.
- Availability: These features are available as add-ons to select Verifiable plans.
- Provisioning: These features require organizational-level provisioning through a one-time configuration by the Verifiable team. To ensure maximum security, endpoints are not enabled by default.
- Next Steps: To enable these authentication methods for your organization, please contact your Customer Success Manager or reach out to our Support Team.


It is possible to use the OAuth Client Credentials flow to authenticate with the Verifiable API. In order to use this flow, you must use the client ID and a client secret from Verifiable. You must send the client credentials along with the grant type client_credentials in a URL-encoded format.

Endpoint: POST /auth/oauth/token
Version: 26.2.5.926

## Request fields (application/x-www-form-urlencoded):

  - `client_id` (string)

  - `client_secret` (string)

  - `grant_type` (string)

## Response 200 fields (application/json):

  - `access_token` (string)
    The access token to use to access the Verifiable API.

  - `token_type` (string)
    The OAuth 2.0 token type (ex. Bearer).

  - `expires_in` (integer)
    The number of seconds in which the access token will expire.


## Response 400 fields

## Response 401 fields

## Response 403 fields

## Response 500 fields