7.1. Logging in for 3rd-party systems

If a 3rd-party system wants to access the specific API for company creation and similar, it needs to fetch an authentication token for itself directly.

This is done by requesting a grant type of client_credentials:


curl -s https://client_id:[email protected]/oauth/token/ \


// Token expiry time
"expires_in": 600,
// Refresh token
"refresh_token": "cU8PqVszJXX8A3bzFWKjMUfJK3nXXB",
// Access token to be used in Authentication: Bearer <token>
"access_token": "WlMxwPLaAG3krmvJxyzkSiVgIGaPIdH",
// Token type. Currently only “Bearer” is available
"token_type": "Bearer",
"scope": "read write"

This token may then be used to call the 3rd-party API.


Impersonating a user

If a 3rd-party API needs to impersonate a user / work on his behalf, it possible to retrieve an OAuth token for such user. For details on how this works, please contact CargoX.