> ## Documentation Index
> Fetch the complete documentation index at: https://domoinc-openapi-sync-dataflows.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Access Token

> To interact with Domo’s APIs through OAuth security, you will need to obtain authorization and authentication. In order to access Domo APIs, a user must first be authenticated (prove that they are whom they say they are) through a client ID and client secret.

Once a user has been authenticated, they can then create an access token to authorize what the scope of functionality will be available for each API for that specific access token.

In the Basic Auth paradigm, your `client_id` will serve as the `username` and your `client_secret` will be the `password`



## OpenAPI

````yaml /openapi/platform/authentication.yaml GET /oauth/token
openapi: 3.0.0
info:
  title: API Authentication
  version: 1.0.0
  description: "\n## OAuth Authentication\n\nThe following section provides more detail on the OAuth authentication and authorization approach. In order to access Domo APIs, a user must first be authenticated (prove that they are whom they say they are) through a `client ID` and `client secret`.\n\nOnce a user has been authenticated, they can then create an `access token` to authorize what the scope of functionality will be available for\_each API for that specific access token.\n\n\n<!-- theme: info -->\n\n> #### Best Practice\n>\n> The Domo SDKs (Java or Python) are often the recommended approach to leveraging the above Domo APIs: that's because they provide a nice wrapper for each endpoint and automatically handle refreshing your access token.\n> Learn more about our SDKs [here](sdks.md).\n\n\n<!-- theme: info -->\n\n> #### Security Consideration\n>\n>A Client ID is a public identifier while the Client secret is considered confidential.\n\nEnsure these credentials are not placed in client or server-side code and are not committed to repositories.  If accidentally posted to a public repo, rotate them ASAP. Do not store or transmit the secrets in insecure locations, server configuration files, log files, emails, messaging apps, etc.\n\nThe clidntid and secret will be used in authorization requests to obtain access tokens.  Always use secure protocols for such requests.\n\n\n## Quickstart\n---\nTo leverage the APIs in Domo will require you to obtain an access token. \_This quickstart will walk you through the three steps needed to\_authenticate and begin developing.\n<ol>\n \t<li>Create client ID and secret</li>\n \t<li>Create access token</li>\n \t<li>Use access token</li>\n</ol>\n\n### Step 1: Create client ID and secret\n---\nIn order to generate a <strong>client ID</strong> and <strong>client secret</strong> you will need your Domo instance name (i.e. the name preceding your domo.com URL, in the case of \"<em>acmecompany</em>.domo.com\" your instance name would be <em>acmecompany</em>).\n\nTo create a client ID and secret you will need to [log in](https://developer.domo.com/login)\_within the Developer Portal. \n\nYou will be prompted to enter your instance name and then your user credentials.\n\n<a href=\"https://s3.amazonaws.com/development.domo.com/wp-content/uploads/2017/08/03114756/Login1.png\"><img class=\"aligncenter size-full wp-image-3170\" src=\"https://s3.amazonaws.com/development.domo.com/wp-content/uploads/2017/08/03114756/Login1.png\" alt=\"\" /></a>\n\nYou'll be redirected to the [manage clients page](https://developer.domo.com/manage-clients) where you can see your existing clients or [create a new one](https://developer.domo.com/new-client)).\n\nOn the Developer Portal Homepage, if you're logged in, you should also now see a \"My Account\" dropdown where you can manage clients, create a new one, or logout.\n\nAfter submitting successfully, you will now have a newly provisioned client ID and secret on the [Manage Clients page](https://developer.domo.com/manage-clients).\n\n\n### Step 2: Create access token\n---\nOnce you obtain your client ID and client secret you will then need to obtain your access token. You can do so in our [interactive documentation using the Get Access Token endpoint](https://developer.domo.com/portal/d9520f5752d56-get-access-token) or using the example `curl` requst below.\n\n```bash\ncurl -v -u {CLIENT_ID}:{CLIENT_SECRET} \"https://api.domo.com/oauth/token?grant_type=client_credentials&scope={SCOPE}\"\n```\nPlease note that in the above example, when using the -u command line option, cURL correctly formats the client id and secret to a basic authorization header.  If you are programmatically requesting access tokens, make sure that you are correctly including the basic authorization header with your Base64 encoded credentials.  See the [OAuth client credential grant type access token request specification](https://tools.ietf.org/html/rfc6749#section-4.4.2) and the [HTTP Basic Authentication Scheme specification](https://tools.ietf.org/html/rfc2617#section-2) for more information.\n\nAn example with your `scope`,`client_ID`, and `client_secret` would look similar to below:\n\n```bash\ncurl -v -u 441e307a-b2a1-4a99-8561-174e5b153fsa:f103fc453d08bdh049edc9a1913e3f5266447a06d1d2751258c89771fbcc8087 \"https://api.domo.com/oauth/token?grant_type=client_credentials&scope=data%20user\"\n```\n\nOnce you request a token with the curl command, you should receive the following response with an associated access token:\n\n```json\nHTTP/1.1 200 OK\nCache-Control: no-cache, no-store, max-age=0, must-revalidate\nCache-Control: no-store\nConnection: keep-alive\nContent-Type: application/json;charset=UTF-8\nDate: Thu, 03 Aug 2017 17:05:58 GMT\nExpires: 0\nPragma: no-cache\nPragma: no-cache\nServer: nginx\nTransfer-Encoding: chunked\nX-Content-Type-Options: nosniff\nX-Frame-Options: DENY\nX-XSS-Protection: 1; mode=block\n\n{\n    \"access_token\": \"<your-valid-oauth-access-token>\",\n    \"customer\": \"acmecompany\",\n    \"expires_in\": 3599,\n    \"jti\": \"81dece4c-df73-4569-853c-2d1a328897fd\",\n    \"role\": \"Admin\",\n    \"scope\": \"data user\",\n    \"token_type\": \"bearer\",\n    \"userId\": 964382593\n}\n```\n<!-- theme: info -->\n\n> #### Best Practice\n>\n> Domo's SDKs simplify the authentication process. Obtain a Client ID and Client Secret and then update the placeholders to begin developing.\n\n\n### Step 3: Use access token\n---\nNow that you have received your access token, you will use it for each of your request.  It is recommended to simplify the process with the following request with:\n\n```bash\nexport ACCESS_TOKEN=<your-valid-oauth-access-token>\n```\n\nBelow is an example of a request with an example token:\n\n```bash\nexport ACCESS_TOKEN=<your-valid-oauth-access-token>\n```\n\nNow that you've exported your token, you can dynamically populate when making calls to any of Domo's API like in the example below:\n\n```bash\necho '{\"name\": \"Sales Operations Team\", \"default\": false}' | http -v POST https://api.domo.com/v1/groups Authorization:\"bearer $ACCESS_TOKEN\" --pretty=format\n```\n\n### Important terms\n---\n**OAuth 2.0:** OAuth 2.0 is an authentication framework as defined by the [RFC-6749](https://www.rfc-editor.org/rfc/rfc6749) standard. \_OAuth 2.0 focuses on client developer simplicity while providing specific authentication flows for web and desktop applications. Generally speaking, OAuth provides clients with secure delegated access to server resources on behalf of a resource owner. It allows resource owners to authenticate and authorize third-party access to their server resources without the need to share personal\_credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth uses short-lived\_access tokens, issued to a\_client by an authentication server, with the approval of the resource owner. The client then uses the access token to access the protected resources hosted by the resource server.\n\n**Client ID:** An ID used to uniquely identify a third-party client.\n\n**Client Secret:** A secret code that proves to the authentication server that the client program\_is authorized to make a request on behalf of the user. Client Secrets are required for OAuth 2.0. A\_program\_requesting an access token has to know the client secret in order to gain the token. This prevents malicious apps that have not been authorized from ever obtaining a valid access token. A Client Secret doesn’t state anything about authenticating a user; it’s simply authorizing an app to request access tokens. A client secret must be protected at all costs; if the secret is compromised, a new one must be generated and all authorized programs must be updated with the new client secret.\n\n### OAuth 2.0 handshake summary\n---\n<img class=\"aligncenter size-full wp-image-177\" src=\"https://s3.amazonaws.com/development.domo.com/wp-content/uploads/2016/02/26180423/authimage2.png\" alt=\"authimage\" />\n\n### Next Steps\n---\nStart experimenting with the [Domo OAuth APIs](../API-Reference/Domo-APIs/API-Authentication.yaml). In addition to the above approach from the command line, you can also generate an access token and test using directly within the Domo Developer Portal.\n\n![getauthtokenpage.png](../../../assets/images/getauthtokenpage.png)\n\n\n## Need additional help?\nNo problem, we'd love to help.\_Explore our\_[documentation](https://knowledge.domo.com) or join other developers in\_Domo's [Developer Forum](https://dojo.domo.com/t5/Domo-Developer/bd-p/DeveloperForum). \_For further\_help, feel free to [email us](mailto:support@domo.com)\_or [contact our sales team](mailto:sales@domo.com)."
servers:
  - url: https://api.domo.com
    description: Domo API
security:
  - API Key - 1: []
paths:
  /oauth/token:
    get:
      summary: Get Access Token
      description: >-
        To interact with Domo’s APIs through OAuth security, you will need to
        obtain authorization and authentication. In order to access Domo APIs, a
        user must first be authenticated (prove that they are whom they say they
        are) through a client ID and client secret.


        Once a user has been authenticated, they can then create an access token
        to authorize what the scope of functionality will be available for each
        API for that specific access token.


        In the Basic Auth paradigm, your `client_id` will serve as the
        `username` and your `client_secret` will be the `password`
      parameters:
        - name: grant_type
          in: query
          schema:
            type: string
          example: client_credentials
          description: The type of access token you are requesting.
          required: true
        - schema:
            type: string
            example: account, dashboard, data
          in: query
          name: scope
          description: >-
            Allows you specify a subset of the Client's granted scopes to limit
            which parts of the API access tokens may interact with. The value is
            a space separated list of strings containing any of the following
            scopes: account, audit, buzz, dashboard, data, and user.
      responses:
        '200':
          description: OK
          headers:
            Server:
              schema:
                type: string
                example: nginx
            Date:
              schema:
                type: string
                example: Mon, 28 Nov 2022 22:45:11 GMT
            Content-Type:
              schema:
                type: string
                example: application/json;charset=utf-8
            Transfer-Encoding:
              schema:
                type: string
                example: chunked
            Connection:
              schema:
                type: string
                example: keep-alive
            Vary:
              schema:
                type: string
                example: Accept-Encoding, User-Agent
            Cache-Control:
              schema:
                type: string
                example: no-store
            Pragma:
              schema:
                type: string
                example: no-cache
            X-Content-Type-Options:
              schema:
                type: string
                example: nosniff
            X-XSS-Protection:
              schema:
                type: string
                example: 1; mode=block
            X-Frame-Options:
              schema:
                type: string
                example: DENY
            Content-Encoding:
              schema:
                type: string
                example: gzip
            Strict-Transport-Security:
              schema:
                type: string
                example: max-age=31536000; includeSubDomains
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                  customer:
                    type: string
                  expires_in:
                    type: integer
                  jti:
                    type: string
                  role:
                    type: string
                  scope:
                    type: string
                  token_type:
                    type: string
                  userId:
                    type: integer
                x-examples:
                  Example 1:
                    access_token: >-
                      GhX52tNtsnyQQybNBtjrc9KbH4DhKTxPbdHcvfHnX3NYGjBWSzdP9kNxWbwDdNMSYqt3VKSBxVXAMYjBAhtvMpscB9edmSjd8BE3gfpGw8uAZhwAHccekG2yBZMse7CPHQkv8JSKcykz4gbcuWak8RpPkVCc8cCZzAzmE7bXQrAGwmPG6wh7YMmBEB6ZPtz8ZYgBNH7S5MYwsJ295A99Bqz7Jn83U333cfT5JT5s5RSF9sUebAKw5cedBU4kf6qq9pFxJ3pcPKqbtZdzRVz4WtRDXsd87FjSVCFk36TRS6Q9GDdM2WZXJjKpEUtCDpX2GSBwsBJgWdWGe3VnTp9U46Fw5dsbBQwDZ4VSQuk9UKJdqfkR5WrfYueVReUKSjCHS6CXjs5RRBSSAmejE7wtDWfdJ2FGnZ9sBDK4eUgWCz8NXSXtWhQtQdenSM47rbSsWF9r8QwChDdQ93NBWYFfsxKcgBa9J6UyaG3T2GWMvgTHc8vTPMhhsS6ceMfEUJUKpQkuHsgtcC7uWWrYnnJFenR34Dr2GNAxkU3CPjys4M3xQNJRkbXyRwtEsEs275MnKQbyF4bayZKU7uJFQhVSjujmf2KRQrsnKamhNSfhJhyttaG48ZuYnTCnCVUvdJF7ATUh
                    customer: acmecompany
                    expires_in: 3599
                    jti: 81dece4c-df73-4569-853c-2d1a328897fd
                    role: Admin
                    scope: data user
                    token_type: bearer
                    userId: 964382593
              examples:
                Example 1:
                  value:
                    access_token: >-
                      GhX52tNtsnyQQybNBtjrc9KbH4DhKTxPbdHcvfHnX3NYGjBWSzdP9kNxWbwDdNMSYqt3VKSBxVXAMYjBAhtvMpscB9edmSjd8BE3gfpGw8uAZhwAHccekG2yBZMse7CPHQkv8JSKcykz4gbcuWak8RpPkVCc8cCZzAzmE7bXQrAGwmPG6wh7YMmBEB6ZPtz8ZYgBNH7S5MYwsJ295A99Bqz7Jn83U333cfT5JT5s5RSF9sUebAKw5cedBU4kf6qq9pFxJ3pcPKqbtZdzRVz4WtRDXsd87FjSVCFk36TRS6Q9GDdM2WZXJjKpEUtCDpX2GSBwsBJgWdWGe3VnTp9U46Fw5dsbBQwDZ4VSQuk9UKJdqfkR5WrfYueVReUKSjCHS6CXjs5RRBSSAmejE7wtDWfdJ2FGnZ9sBDK4eUgWCz8NXSXtWhQtQdenSM47rbSsWF9r8QwChDdQ93NBWYFfsxKcgBa9J6UyaG3T2GWMvgTHc8vTPMhhsS6ceMfEUJUKpQkuHsgtcC7uWWrYnnJFenR34Dr2GNAxkU3CPjys4M3xQNJRkbXyRwtEsEs275MnKQbyF4bayZKU7uJFQhVSjujmf2KRQrsnKamhNSfhJhyttaG48ZuYnTCnCVUvdJF7ATUh
                    customer: acmecompany
                    expires_in: 3599
                    jti: 81dece4c-df73-4569-853c-2d1a328897fd
                    role: Admin
                    scope: data user
                    token_type: bearer
                    userId: 964382593
components:
  securitySchemes:
    API Key - 1:
      type: http
      scheme: basic

````