Service Integrations

A Service Integration is designed for machine-to-machine integrations where user interaction is not required. These applications only make API calls and use the client_credentials OAuth2 grant type to acquire access tokens from the Authorization Server. This type of application typically runs on a server or on-premises, and it is considered a confidential client.

Key Characteristics

  • No End-User Authentication: Service applications do not involve end-users in the authorization process.
  • Machine-to-Machine Use: Ideal for backend integrations where applications communicate directly with each other.
  • Confidential: Sensitive information, such as the client secret, stays on the server, where it can be kept secure.

Token Request

Service applications use the client_credentials OAuth2 grant type to obtain access tokens. Below is an example demonstrating how to request an access token:

curl --request POST --url https://connect.visma.com/connect/token --header 'content-type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials&scope=visma_api:read&client_id=demoapp&client_secret=SECRET&tenant_id=af1140c1-52e0-46c7-b684-df894d4b8a5a'

Request Parameters

  • grant_type: Must be client_credentials.
  • scope: Specifies the scope of API access requested by your application.
  • client_id: The unique identifier of the application, obtained during registration.
  • client_secret: The confidential secret provided when registering the application.
  • tenant_id (optional): Used to specify the tenant for API data access. Required for tenant-based APIs, such as visma_api:read.

Your application requires tenant administrator permission before using tenant_id in the token request.

Token Response

Upon a successful request, the authorization server returns a token formatted as follows:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjVENDc...7MTOBbdd5mgb2CHzxL0RFjs24pqC1pCeUqOjbg",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "visma_api:read"
}
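
The request and response above can be wrapped in a small token source that keeps the client secret out of the command line and reuses a token until shortly before expires_in runs out. This is an added example, not Visma's own code; the class and function names, the VISMA_* environment variable names and the 60-second refresh margin are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://connect.visma.com/connect/token"  # endpoint from the curl example


def http_post_form(url, body):
    """POST a form-encoded body and return the parsed JSON response."""
    req = urllib.request.Request(
        url, data=body.encode("ascii"),
        headers={"content-type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ServiceTokenSource:
    """Hypothetical helper: requests and caches a client_credentials token."""

    def __init__(self, client_id, client_secret, scope, tenant_id=None,
                 post=http_post_form, clock=time.monotonic, skew=60):
        self._params = {"grant_type": "client_credentials", "scope": scope,
                        "client_id": client_id, "client_secret": client_secret}
        if tenant_id:  # optional, only sent for tenant-based APIs
            self._params["tenant_id"] = tenant_id
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        """Return the cached token; request a new one `skew` seconds before expiry."""
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._post(TOKEN_URL, urllib.parse.urlencode(self._params))
            if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
                # Do not echo the response: it may contain a token.
                raise ValueError("unexpected token response")
            lifetime = max(int(resp["expires_in"]) - self._skew, 0)
            self._token, self._expires_at = resp["access_token"], self._clock() + lifetime
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}


def from_env(env=os.environ, **kwargs):
    """Build a token source from (assumed) VISMA_* variables, keeping the secret out of argv."""
    return ServiceTokenSource(env["VISMA_CLIENT_ID"], env["VISMA_CLIENT_SECRET"],
                              env.get("VISMA_SCOPE", "visma_api:read"),
                              env.get("VISMA_TENANT_ID"), **kwargs)
```

Passing post and clock as parameters lets the caching and expiry logic be exercised without network access.
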

By following these steps, developers can effectively configure service applications to securely interact with Visma APIs.

Last modified October 16, 2025