M2M Authentication - Documentation

Overview

We use the OAuth 2.0 Client Credentials Flow for secure machine-to-machine (M2M) communication. This allows backend systems to authenticate directly with our API without user interaction. To access protected endpoints (like APIs), you must:

Obtain a Client ID and Client Secret.
Exchange these credentials for an Access Token.
Include the token in the Authorization header of your API requests.

Step 1: Obtain Credentials

Before you can authenticate, you need an API Client. This is typically created by the Admin.

If you are a third-party integrator, request these credentials from the administrator.

When a client is created, you will receive:

Client ID: A public identifier for your application.
Client Secret: A private key known only to your application and the API.

Step 2: Generate Access Token

Once you have your credentials, use the /oauth/token endpoint to request an access token. (API Reference)

Request

POST /oauth/token Headers:

Content-Type: application/json

Body:

Parameter	Type	Required	Description
`grant_type`	`string`	Yes	Must be set to `client_credentials`.
`client_id`	`string`	Yes	Your unique Client ID.
`client_secret`	`string`	Yes	Your unique Client Secret.

curl -X POST "[https://api.wizlo.example.com/oauth/token](https://api.wizlo.example.com/oauth/token)" \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "client-uuid-abc123",
    "client_secret": "your-secret-key-here"
  }'

Getting started

​Overview

​Step 1: Obtain Credentials

​Step 2: Generate Access Token

​Request

Overview

Step 1: Obtain Credentials

Step 2: Generate Access Token

Request