Issue an access token

curl --request POST \
  --url https://api.getkroo.com/api/v3/oauth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'client_id=<string>' \
  --data 'client_secret=<string>' \
  --data 'scope=read:schedule_files write:schedule_files'

{
  "access_token": "f4a91d2bce7c4f0a9b8e3d6c5a2f1e8b9d7c6a5b4e3f2d1c0b9a8e7d6c5b4a3f",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "read:schedule_files write:schedule_files"
}

Authentication

Issue an access token

Exchanges client credentials for a short-lived Bearer token used to authenticate subsequent v3 API requests.

Submit grant_type=client_credentials together with your client_id and client_secret. The response includes the access_token to send as Authorization: Bearer <token>, the token_type (always Bearer), the lifetime in seconds, and the space-delimited scope actually granted.

Scopes: omit the scope parameter to receive every scope your client is registered for, or pass a subset (space-delimited). A request for a scope outside your client’s registered set returns invalid_scope.

Auth: the token endpoint itself is unauthenticated (no Bearer header). Authentication is performed by the client_id / client_secret pair you send in the body.

400 error codes (RFC 6749 §5.2):

invalid_client — missing or wrong client_id / client_secret.
unsupported_grant_type — grant_type is not client_credentials.
unauthorized_client — the client is not registered for the client_credentials grant.
invalid_scope — the requested scope exceeds the client’s registered scope set.

POST

oauth

token

Issue an access token

curl --request POST \
  --url https://api.getkroo.com/api/v3/oauth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'client_id=<string>' \
  --data 'client_secret=<string>' \
  --data 'scope=read:schedule_files write:schedule_files'

{
  "access_token": "f4a91d2bce7c4f0a9b8e3d6c5a2f1e8b9d7c6a5b4e3f2d1c0b9a8e7d6c5b4a3f",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "read:schedule_files write:schedule_files"
}

Body

application/x-www-form-urlencoded

grant_type

enum<string>

required

OAuth 2.0 grant type. Only client_credentials is supported on this endpoint for confidential clients.

Available options:

client_credentials

client_id

string

required

Issued when the API client was created.

client_secret

string

required

Issued when the API client was created.

scope

string

Optional space-delimited list of scopes to request. Defaults to the client's full registered scope set.

Example:

"read:schedule_files write:schedule_files"

Response

Access token issued

access_token

string

required

Bearer token to send in Authorization: Bearer <token>. Treat it as a secret; tokens are bearer credentials.

Example:

"f4a91d2bce7c4f0a9b8e3d6c5a2f1e8b9d7c6a5b4e3f2d1c0b9a8e7d6c5b4a3f"

token_type

enum<string>

required

Always Bearer. Use as the auth scheme in the Authorization header.

Available options:

Bearer

Example:

"Bearer"

expires_in

integer

required

Seconds until the token expires (3600 = 1 hour).

Example:

3600

scope

string

required

Space-delimited list of scopes actually granted on this token. May be narrower than what you requested if some scopes are not registered on the client.

Example:

"read:schedule_files write:schedule_files"

List schedule files