OAuth 2.0
Client Credentials Grant
This grant is for machine-to-machine communication where a single user's permission is not required.
The client sends a POST request to https://www.pandora.com/oauth/v1/token with the content type application/x-www-form-urlencoded and the following values:
Parameter | Description | Type | Example | Required |
grant_type | client_credentials, indicating that we are using the client credentials grant type. | string | "client_credentials" | Yes |
scope | A space-delimited list of requested scopes. Only “webapi” is supported for now. The default is also “webapi”. | string | "webapi" | Yes |
Additionally, the client should include a basic authentication header that looks like the following:
Authorization: Basic Base64Encode(client_id:client_secret)
The authorization server responds with a JSON object that contains:
Parameter | Description | Type | Example |
token_type | The type of token to request. Usually "Bearer". | string | "Bearer" |
expires_in | The time in seconds the token is valid for. | string | "webapi" |
access_token | The access token that can be used to access a Pandora protected resource. | string | "STRING" |
Note: No refresh token is granted with this grant type. Instead, when the token expires, re-fetch the access token with the client credentials grant.
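The request and the re-fetch behaviour described above, as an added Python example that is not Pandora's own code. The names build_token_request, send and TokenCache, the injectable transport and clock, and the 30-second expiry margin are assumptions of this example; the URL, form fields, header format and response fields are the ones documented on this page.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://www.pandora.com/oauth/v1/token"  # endpoint from this page


def build_token_request(client_id, client_secret, scope="webapi"):
    """Build (without sending) the client credentials token request."""
    form = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    # Basic header as documented: Base64Encode(client_id:client_secret)
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL,
        data=form.encode(),
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def send(request):
    """Default transport: POST over HTTPS and return the raw response body."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.read()


class TokenCache:
    """Holds the access token in memory and re-fetches it once it expires."""

    def __init__(self, client_id, client_secret, transport=send,
                 clock=time.monotonic, skew=30):
        self._creds = (client_id, client_secret)
        self._transport, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            reply = json.loads(self._transport(build_token_request(*self._creds)))
            # This sketch only knows how to use bearer tokens; reject anything else.
            if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            # expires_in is documented as a string, so convert before doing arithmetic.
            self._expires_at = now + int(reply["expires_in"]) - self._skew
        return self._token
```

Load client_id and client_secret from a secret store or environment variable rather than source code, and keep the Authorization header and the returned access token out of logs.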