--- title: OAuth 2.0 - Client Credentials excerpt: '' deprecated: false hidden: false metadata: title: '' description: '' robots: index next: description: '' --- OAuth 2.0 with Client Credentials grant type entails sending a valid Client ID and Client Secret in exchange for an Access Token. This Access Token is then used in subsequent requests, usually as a Bearer Token, to authenticate the API Request. * To set this up, choose `Oauth2` from the **Auth Config** dropdown list. * Required Info : ![](https://files.readme.io/854280acd12146f8071879b5a5f349d605f45c1475e1f156de273fce207a0feb-oauth2part1.png) * `Oauth 2 Grant Type`: This should be set to `Client Credentials Grant` * `Client ID`: This is where you input your actual Client ID value itself. * `Client Secret`: This is where you input your actual Client Secret value itself. * `Client Credentials Grant Scope`: This is where you can ***optionally*** input scopes associated with the OAuth credentials. * **Note:** Multiple scopes are separated by a single space * `Oauth2 Token Url`: This is where you input the ***full*** token URL. ![](https://files.readme.io/bcc9b8e4e124a8a84d6f5e996125a51bda365696d9e6858fe40875a5426a4f45-oauth2part2.png) * `Oauth2 Client Authentication`: This can be left blank.\ Moveworks will try making the request with both Basic Auth and Request Body Auth by default. * `Header Auth Key`, `Header Auth Value Pattern`, `Oauth2 Custom Grant Type`, `Oauth2 Custom Oauth Request Options Custom Grant Type`, `Oauth2 Custom Oauth Request Options Additional Headers` should all be left blank. * If needed, you can leverage `Oauth2 Custom Oauth Request Options Additional Request Data` to send additional body data needed for the request. * Data is sent in **x-www-form-urlencoded** format in the body like so: ```json curl --location 'URL' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_id=abcd-1234' \ --data-urlencode 'client_secret=secret123456' \ --data-urlencode 'Custom-body=abcde12345' \ ```