Skip to main content
POST /oauth/token Obtains access tokens for server-to-server API calls using the OAuth 2.0 Client Credentials grant type.

Required Headers

Authorization
string
required
Basic authentication in the format: Basic Base64(client_id:client_secret)
Signature
string
required
SHA256withRSA algorithm signature: algorithm=RSA256, keyVersion=1, signature=****
Client-Id
string
required
Identifier provided by A+ (e.g., 2022091495540562874792)
Request-Time
string
required
RFC3339 formatted timestamp accurate to seconds
Content-Type
string
application/json; charset=UTF-8

Request Parameters

grantType
string
required
Fixed value: client_credentials
scope
string
Permission scope. Use openid for Mini Program scenarios.

Response Parameters

result
object
required
Standard result object with resultCode, resultStatus, resultMessage
accessToken
string
Bearer token for subsequent API calls.
tokenType
string
Always Bearer.
expiresIn
number
Token validity period in seconds.
scope
string
Granted permission scopes.

Result Codes

resultStatusresultCodeDescription
SSUCCESSRequest successful
FPARAM_ILLEGALMissing or invalid required parameter
FINVALID_AUTH_CLIENTClient authentication failed
FUNSUPPORTED_GRANT_TYPEUnsupported grantType value
FACCESS_DENIEDMissing or invalid authorization header
FINVALID_SCOPEInvalid scope value
UUNKNOWN_EXCEPTIONServer error occurred