Service Integrations

<page>
<metadata>
<title>Service Integrations</title>
<path>/vismanetapi/setting-up-your-integration/developer-portal/service-integrations</path>
<kind>section</kind>
<description>Creating Service Integrations</description>
<lastmod>2025-10-16T11:16:31+02:00</lastmod>
</metadata>
<content>
# Service Integrations

Creating Service Integrations

## Service Integrations

A Service Integration is designed for machine-to-machine integrations where user interaction is not required. These applications strictly make API calls and utilize the `client_credentials` OAuth2 grant type to acquire access tokens from the Authorization Server. This type of application typically runs on a server or on-premise, and it is considered confidential.

## Key Characteristics

- **No End-User Authentication**: Service applications do not involve end-users in the authorization process.
- **Machine-to-Machine Use**: Ideal for backend integrations where applications communicate directly with each other.
- **Confidential**: Ensures that sensitive information, such as client secrets, remains secure on the server.

## Token Request

Service applications use the `client_credentials` OAuth2 grant type to obtain access tokens. Below is an example demonstrating how to request an access token:

```bash
curl --request POST --url https://connect.visma.com/connect/token --header 'content-type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials&scope=visma_api:read&client_id=demoapp&client_secret=SECRET&tenant_id=af1140c1-52e0-46c7-b684-df894d4b8a5a'
```

### Request Parameters

- **grant_type**: Must be `client_credentials`.
- **scope**: Specifies the scope of API access requested by your application.
- **client_id**: The unique identifier of the application, obtained during registration.
- **client_secret**: The confidential secret provided when registering the application.
- **tenant_id** (optional): Used to specify the tenant for API data access. Required for tenant-based APIs, such as `visma_api:read`.

Your application requires tenant administrator permission before using `tenant_id` in the token request.

## Token Response

Upon a successful request, the authorization server returns a token formatted as follows:

```json
{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjVENDc...7MTOBbdd5mgb2CHzxL0RFjs24pqC1pCeUqOjbg",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "visma_api:read"
}
```

By following these steps, developers can effectively configure service applications to securely interact with Visma APIs.</content>
</page>