Machine-to-machine OAuth2 for personal-token clients. Exchange a client_id and client_secret for a short-lived access token with no interactive login.
This is the simplest way to call the Aries API when your app only ever acts as one user. If you are building an integration that signs in on behalf of many different users — a partner/business integration — use the Authorization Code flow instead.
Only user-scoped (personal-token) clients may use this grant.
Allowed: personal-token clients — client IDs like ARI-PERSONAL-TK.<entropy>, which are bound to a single user. The issued token acts as that user.
Not allowed: business/partner clients — client IDs like ARI-PARTNER.*. These receive an unauthorized_client error and must use the interactive Authorization Code flow instead.
A personal-token client — Register a personal-token client in Client Center / Manage Account to get a client_id (e.g. ARI-PERSONAL-TK.xxxxx) and client_secret.
Secure storage — Somewhere safe to keep the client_secret, such as environment variables or a secrets manager.
The client_secret is shown only once when you create the client. Copy it immediately and store it securely. If lost, regenerate it in Client Center / Manage Account.
Send your credentials to the token endpoint. The endpoint accepts the request body as either application/x-www-form-urlencoded (the OAuth2 standard) or application/json.Endpoint:POST https://api.aries.com/v1/oauth2/tokenRequest body:
Field
Required
Description
grant_type
Yes
Must be client_credentials
client_id
Yes
Your client identifier (e.g. ARI-PERSONAL-TK.xxxxx)
client_secret
Yes
Your client secret
Client authentication is done with these body parameters. HTTP Basic authentication is not supported for this endpoint.