How to obtain an OAuth token?

I’ve seen the other thread about this, but I still can’t figure out how to whitelist my callback URL so I can kick off an oath flow.

The documentation mentions making a POST to /applications/{applicationId}/redirects and I have an App Key’ and an ‘App Secret’ but I don’t know how to authenticate this POST request, nor am I sure that the ‘App Key’ and the ‘applicationId’ are the same thing.

Am I supposed to trigger this POST from a logged in browser session? Is there some other way to authenticate this POST? The documentation doesn’t seem to cover non-oauth authentication.

Hello @marc and welcome to the Cayenne Community. I’m tagging @hcortes here who should be better able to assist with these questions.

Hi @marc,

For non-oauth authentication, make the a POST to with the following payload:

   "grant_type": "password",
   "email": "YOUR EMAIL",
   "password": "YOUR PASSWORD"

This will return an access_token and a refresh_token. You are able to use the provided non-oauth access_token to manage your application which will be using an Authorization: Bearer ACCESS_TOKEN header.

And the application id and application key will the same throughout the docs.


Thanks, this helped a lot.

I’m now able to do an explicit oauth flow and obtain a token from a user. I can create ‘things’ and list them in the API, using the token. I’ve even been able to ‘activate’ them by connecting to them using MQTT, but how do you get them to display in the cayenne dashboard? If I create a device using the bearer token obtained via the password authentication, it shows up in the cayenne dashboard fine. The devices created with the oauth token seem to be namespaced somewhere else, is there not a dashboard for those devices?

Basically I’d like to be able to create devices on a user’s cayenne dashboard auttomatically, is this not what the oauth grant is for?

what post is it.Http/json

See Cayenne API obtaining oauth Token using Postman - YouTube
I have used postman to obtain oAuth token

Hello, I’m going down this same route right now. Does this still work? I noticed this endpoint now 404s. I tried with

But am getting {"error":"unauthorized_client","error_description":"INVALID_CREDENTIALS: Invalid client credentials"}.