With your client credentials, your application will make a direct request to the OAuth authorization server's Token endpoint to exchange them for an Access Token.
URL
Prod
Audience : https://ibexhub.ibexmercado.com
OAUTH2_DOMAIN : https://ibexhub.us.auth0.com
Sandbox
Audience : https://api-sandbox.poweredbyibex.io
OAUTH2_DOMAIN : https://ibexhub-staging.us.auth0.com
Making the Token Request
Your service client must send an HTTP POST request to the Auth0 token endpoint with the following specifications:
| Parameter | Value | Description |
|---|---|---|
| Method | POST | HTTP method for the request |
| URL | <OAUTH2_DOMAIN>/oauth/token | Replace AUTH0_DOMAIN with your actual Auth0 domain see above |
| Content-Type | application/x-www-form-urlencoded | Standard encoding for form data |
Request Parameters
Include these parameters in the request body:
| Parameter | Required | Description |
|---|---|---|
grant_type | Yes | Must be set to client_credentials |
client_id | Yes | Your application's client identifier |
client_secret | Yes | Your application's client secret |
audience | Yes | The unique identifier of the target API. See above audiences |
Best Practices
Store client credentials securely using environment variables or secret management systems. Always use HTTPS for token requests. Implement proper token caching and renewal strategies. Monitor token expiration times to avoid service interruptions.
Common Issues
Invalid credentials: Double-check your client ID and secret. Wrong audience: Verify the API identifier matches your configuration. Scope issues: Ensure requested scopes are allowed for your client. Rate limiting: Implement appropriate retry logic with exponential backoff.