🔐 Authentication

We support the OAuth Machine‑to‑Machine Flow (client_credentials). Every request to our APIs must include an Authorization header with a valid access_token.

Obtaining an Access Token

After creating an account with us, you’ll receive:

client_id
client_secret

You can exchange these for an access_token via the authentication service.

bash

curl --request POST \
  --url https://<HOST>/oauth/token \
  --header 'content-type: application/json' \
  --data '{
    "client_id":"<client_id>",
    "client_secret":"<client_secret>",
    "audience":"https://api.tastemaps.co.uk",
    "grant_type":"client_credentials"
  }'

You will need to replace the client_id, client_secret and <HOST> in the request. Depending on your environment you will need to change the audience too.

Environment	Host	Remarks
Sandbox	`auth-sandbox.tastemaps.com`	Unavailable
Production	`auth.tastemaps.com`	Available

You will receive a jwt response like below:

json

{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhcGlAZGV2IiwiaWF0IjoxNjg3MDAwMDAwLCJleHAiOjE2ODcwMDM2MDB9.dummySignaturePartThatLooksReal123456",
    "expires_in": 300,
    "token_type": "Bearer"
}

DANGER

You must keep your credentials safe. Do not share your client id or client secret with anyone

🔐 Authentication ​

Obtaining an Access Token ​

🔐 Authentication

Obtaining an Access Token