Note
Note: 1Password SaaS Manager was previously named Trelica. Some commands and integrations still use or refer to Trelica. Follow directions as written to avoid errors.
Overview
The Client Credentials Flow is the simplest authentication scheme to implement:
- Request an Access Token from 1Password SaaS Manager.
- Make API calls passing the Access Token you received.
Authentication
Note
You must pass the Client ID and Client Secret in the Authorization header using the standard HTTP Basic Authentication Scheme.
Request an access token
POST https://<app|eu>.trelica.com**/connect/token**
Requests an access token for use with future API requests.
| Header | ||
Authorization * | string | As per the HTTP Basic Authentication Scheme, in other words Client ID and Client Secret concatenated with a colon, Base64 encoded, and prepended with the string "Basic ". |
| Body | ||
scope | string | The OAuth scopes for the data you want to access. The string is case-sensitive. Multiple scopes must be separated by a space character. If no value is passed then all scopes defined for the app will be requested. |
grant_type * | string | client_credentials |
Responses
HTTP 200
JSON containing the access token and associated information
{ "access_token": "<TOKEN>", "expires_in": 3600, "token_type": "Bearer", "scope": "Users.Read" }HTTP 400
invalid_client indicates that the Client ID or Client Secret were passed incorrectly (either incorrect values, or not according to the HTTP Basic Authentication scheme). invalid_scope indicates that the scope requested was incorrect, or does not belong to the list of scopes enabled for the SaaS Manager app associated with the credentials passed.
{ "error": "<ERROR_CODE>" }
Example
Requesting the access token using curl
curl https://app.trelica.com/connect/token \
--user "<CLIENT_ID>:<CLIENT_SECRET>" \
--data "grant_type=client_credentials&scope=Users.Read"
200
{ "access_token": "<TOKEN>", "expires_in": 3600, "token_type": "Bearer", "scope": "Users.Read" }400
{ "error": "<ERROR_CODE>" }Error Code Description invalid_client The Client ID and/or Client Secret are incorrect invalid_scope The scope requested was invalid
Making an API call with the access token you received
You can now make API calls, passing the access token you received as part of an Authorization header.
curl https://app.trelica.com/api/scim/v2/Users \
--header "Authorization: Bearer <ACCESS_TOKEN>"
or if you are on the SaaS Manager EU hosted environment:
curl https://eu.trelica.com/api/scim/v2/Users \
--header "Authorization: Bearer <ACCESS_TOKEN>"
By accessing or using 1Password Developer Tools, you agree to the API and SDK Terms of Service.
Was this article helpful?
Glad to hear it! If you have anything you'd like to add, feel free to contact us.
Sorry to hear that. Please contact us if you'd like to provide more details.