Grant Types

In line with the OAuth 2.0 Security Best Current Practice, Appibase supports two main authorization grant flows: the Authorization Code and the Client Credentials grant types.

To request an Access Token, the Client obtains authorization from the Resource Owner. The authorization is expressed in the form of an Authorization Grant, which the Client uses to request the Access Token.

Which grant to use depends on the Access Token owner and the Client type.

Grant types

The same decision flow diagram applies whether the Client is requesting access to the Storefront API or the Admin API. The scopes required for the Access Token request also depend on the OAuth application type and the Grant Type.

Grant type scopes