Server-to-Server Integrations with Client Credentials Grant Type

AppExchange partners can’t upload a package with a server-to-server integration to AppExchange. Create a integration as a web app or a public app, which uses the authorization code grant type instead of the client credentials grant type.

A server-to-server integration performs tasks on behalf of the integration, without an end-user context, user interaction, or user interface.

Use the client credentials grant type to give your server-to-server integration access to Marketing Cloud Engagement resources. When you create an API integration in Installed Packages, the Marketing Cloud Engagement authorization server generates a client ID and client secret. In the client credentials flow, your client application uses this client ID and client secret to request an access token from the authorization server. The access token gives your application access to the REST and SOAP services. The client credentials grant type doesn’t have refresh tokens.

It can take up to five minutes before the access tokens generated by the v2/token endpoint incorporate the changes to the API integration in Installed Packages.

Installed Packages

  1. Request access token using client ID and secret. Your application requests an access token by providing the client ID and secret generated in Installed Packages.
  2. Extract access token. The authorization server returns an access token that your application must extract.
  3. Access resources. Your application accesses Marketing Cloud Engagement resources by using the access token it received and the REST or SOAP base URLs returned as part of the token response.