Skip to main content



To interact with our services, clients first need to obtain an access_token via our authentication endpoint. This token should then be used as a Bearer token for subsequent API calls to our services.

Obtaining the Access Token

To get an access_token, you need to make a POST request to our authentication endpoint with the required credentials.


POST https://<PA_AUTH_END_POINT>/auth2/connect/token

Required Headers

  • Content-Type: application/x-www-form-urlencoded

Required Body Parameters

  • client_id: Your client ID provided by us.
  • client_secret: Your client secret is provided by us.
  • grant_type: Must be set to client_credentials.

Sample Request

Here is an example of how to make the request using JavaScript (e.g., in a Node.js environment or a web browser):

var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/x-www-form-urlencoded");

var urlencoded = new URLSearchParams();
urlencoded.append("client_id", "YOUR_CLIENT_ID");
urlencoded.append("client_secret", "YOUR_CLIENT_SECRET");
urlencoded.append("grant_type", "client_credentials");

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: urlencoded,
  redirect: 'follow'

fetch("https://<PA_AUTH_END_POINT>/auth2/connect/token", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with the credentials provided to you.


The response will be a JSON object containing the access_token along with other information like token type and expiry. Here is an example of a successful response:

  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL...",
  "expires_in": 3600,
  "token_type": "Bearer"

Using the Access Token Once you have obtained the access_token, include it in the Authorization header of your subsequent API requests as a Bearer token:

myHeaders.append("Authorization", "Bearer YOUR_ACCESS_TOKEN");

// Add other headers and request options as needed

Replace YOUR_ACCESS_TOKEN with the token you received.

Security Note

Ensure to keep your client_id and client_secret confidential and secure. Do not expose these credentials in client-side code where they can be easily accessed.