Skip to main content
The Clients tab in the Account management portal lets you create and manage API clients for your organisation. API clients use the client_credentials grant type, which allows you to attach roles directly to an API client without requiring a user account.
Only users with the customer administrator role can perform these tasks.

Create an API client

To create an API client, follow these steps:
  1. In GBG GO, click Account management. The Account management portal opens in a new tab.
  2. Log in to the Account management portal with your GBG GO credentials.
  3. Click Clients.
  4. Click Add.
  5. In the Name field, enter a name for your API client. For example, “GO API Client.”
  6. Select a department in the Department list.
  7. Click Add.
The Client added screen displays your client ID and client secret.
Copy your client secret now and store it somewhere safe. This is the only time you can access the secret. If you need it again, then you must generate a new secret.

Assign a role to an API client

You must assign a role to an API client before it can authenticate API requests.
  1. Click Back to return to the Clients tab. You’ll see the API client you just created in the list of clients.
  2. Click the API client you just created.
  3. Click the Roles tab.
  4. Click Add.
  5. Navigate to the Roles tab.
  6. Click Add.
  7. Assign the Go API Access role to the client.
  8. Click Add role. A success alert message is displayed at the top of the page.

Regenerate a client secret

If you lose your client secret, you can regenerate it. To regenerate a client secret, follow these steps:
  1. In the Clients tab, click the three dots on the right side of the API client you want to regenerate the secret for.
  2. Click Regenerate Secret.
  3. Click Regenerate Secret in the confirmation dialog.
The new client secret is displayed in a success alert message at the top of the page. Copy the new client secret and store it somewhere safe.
If you regularly rotate your client secret, set up two API clients and alternate between them. This separates the credential change in your production system from regenerating an individual secret, so you can rotate secrets without downtime.

Request an access token

Once you have created an API client and assigned a role, you can request an access token. Send a POST request to the /as/token.oauth2 endpoint with the following parameters:
ParameterValueDescription
grant_typeclient_credentialsThe authentication method. Must be set to client_credentials.
client_idYour client IDThe client ID generated when you created the API client.
client_secretYour client secretThe client secret generated when you created the API client.
scopegbg.tokenThe scope required to authenticate with GBG GO.
Example request:
cURL
curl --request POST \
  --url https://api.auth.gbgplc.com/as/token.oauth2 \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials' \
  --data 'client_id=your-client-id' \
  --data 'client_secret=your-client-secret' \
  --data 'scope=gbg.token'
For details on the response schema, refer to the Generate access token endpoint reference.