There are 2 ways to get an Access Token for Backstage API:
Flow 1: Client Credentials
- Client submits
client_id
andclient_secret
to thetoken
endpoint. - Server returns an Access Token.
Guidelines
- Used for server-to-server communication.
- This flow is recommended.
For more detail, see: Client Credentials Flow
Flow 2: Password Credentials
- Client submits
client_id
,client_secret
,username
andpassword
to thetoken
endpoint. - Server returns an Access Token and Refresh Token.
Guidelines
- Used for client-to-server communication.
- This flow is generally not recommended.
For more detail, see: Password Credentials Flow
The topics that follow provide more detail for each of the above flows.