Skip to main content



Bold Penguin supports OAuth2 using client credentials type grant requests. Service requests to the Bold Penguin API must be authorized using an access tokens from the authentication service.

The static tokens used for dispositioning requests are the only exception.

Access tokens are valid for 12 hours.


Your account manager will provide you with a unique Client ID and Client Secret per Bold Penguin environment.





You submit an OAuth2 client credentials grant and receive an access_token in response.

This is your bearer token for subsequent API requests.



Request Syntax

curl \
-F grant_type=client_credentials \
-F client_id=<client_id> \
-F client_secret=<client_secret>

Request Parameters

Form Data

  • grant_type

    • Must be client_credentials
    • Type: String
    • Required: Yes
  • client_id

    • Must be your unique client_id provided to you by Bold Penguin
    • Type: String
    • Required: Yes
  • client_secret

    • Must be your unique client_secret provided to you by Bold Penguin
    • Type: String
    • Required: Yes

Response Syntax

"access_token": <string>,
"token_type": "bearer",
"expires_in": <integer>,
"refresh_token": <string>,
"scope": <empty string>,
"uid": <string>,
"info": {
"name": <string>,
"email": null,
"first_name": <string>,
"last_name": <string>,

Response Elements

  • access_token
    • The bearer token to provide for subsequent API requests
    • Type: String
  • token_type
    • Type: String
    • This will always be bearer
  • expires_in
    • Expiration for this token is 12 hours set in seconds (43200)
    • Type: Integer
  • refresh_token
    • Refresh tokens are not currently enabled
    • Type: String
  • scope
    • Access scope for this token (currently an empty string)
  • uid
    • Unique ID for this token
    • Type: String
  • info
    • Service client details for your account(often "Tenant Integrations Service Client")
    • Type: JSON

Status Codes

  • 200 Success
  • 401 Unauthorized (verify client credentials and authorization header)


Example Request

curl \
-F grant_type=client_credentials \
-F client_id=12345abcde \
-F client_secret=<67890fghij

Example Response

"access_token": "7UkvNeAabPduAvyvu4XEqSCC",
"token_type": "bearer",
"expires_in": 43200,
"refresh_token": "wYwtq6NGie5paAR2XHK6uF1f",
"scope": "",
"uid": "f00718ea-3c64-45f1-99de-2ac34cea139a",
"info": {
"name": "Tenant Integrations Service Client",
"email": null,
"first_name": "Tenant Integrations",
"last_name": "Service Client"
"extra": {
"raw_info": {
"user_id": "8de85azr-ec20-4f2c-b8b4-0ae3c067c73b",
"tenant_id": "8823a91f-54f9-4866-aec7-67a5f1062be1",
"tenant_name": "My Agency",
"primary_user_group_id": "a621af94-f454-4ffc-b56c-08971630b622",
"user_group_ids": [
"name": "Tenant Integrations Service Client",
"email": null,
"first_name": "Tenant Integrations",
"last_name": "Service Client",
"permissions": [
"auth_uid": null,
"completed_steps": []