Authorization
Mix.api uses OAuth 2.0 for authorization. Two authorization flows are available and should be applied according to your use case:
- Client Credentials for machine-to-machine authorization: To communicate with Mix.api without manual intervention for user authorization, Nuance Mix requires a user with a service account to implement the Client Credentials flow. This flow must be enabled by your Nuance representative. Once a service account is enabled by Nuance, the client application obtains an access token by sending a client ID and a client secret. See Service account: OAuth 2.0 Client Credentials flow.
- Authorization code: To communicate with Mix.api on behalf of an end user—for example, through a service-side web application—use the OAuth 2.0 Authorization Code grant type flow. In this authorization flow, the client application obtains an access token by asking the user to authorize the app. It differs from the Client Credentials authorization flow in that it requires the client application to launch a browser to begin the flow and requires the user to authorize the client application, providing additional validation. This flow is enabled for all users. See OAuth 2.0 Authorization Code flow.
Note: To implement OAuth2 authorization in your client applications, use an existing OAuth2 library available for your programming language. For a list of available libraries, see the OAuth 2.0 website.
Use the service account and OAuth 2.0 Client Credentials flow for machine-to-machine communication, such as running offline Mix.api scripts.
Use the OAuth 2.0 Authorization Code grant type flow to communicate with Mix.api on behalf of an end user.
Regenerate the client secret for secret rotation or if, for example, you lose it or it has become compromised.
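The Client Credentials exchange and the secret regeneration described above, as an added example that is not Nuance code: it shows what an OAuth2 library sends on the wire, caches the token so the secret is sent as rarely as possible, and retries once when the stored secret has been regenerated. `TOKEN_URL` is a placeholder (the page does not give the endpoint), `load_secret` and `send` are hypothetical callables for your secret store and HTTP client, and no `scope` parameter is sent.

```python
import base64
import time
import urllib.parse

# Placeholder: the page does not give the token endpoint; take it from your Mix setup.
TOKEN_URL = "https://auth.example.invalid/oauth2/token"

def build_token_request(client_id, client_secret):
    """Build the RFC 6749 section 4.4 request: secret in HTTP Basic, never in the URL."""
    # RFC 6749 section 2.3.1: form-urlencode both values before Basic encoding.
    pair = urllib.parse.quote_plus(client_id) + ":" + urllib.parse.quote_plus(client_secret)
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return TOKEN_URL, headers, urllib.parse.urlencode({"grant_type": "client_credentials"})

class ServiceAccountToken:
    """Caches the access token and copes with a regenerated client secret."""

    def __init__(self, client_id, load_secret, send, skew=30, clock=time.time):
        # load_secret() -> str and send(url, headers, body) -> (status, json_dict)
        # are hypothetical hooks for a secret store and an HTTP client.
        self.client_id, self.load_secret, self.send = client_id, load_secret, send
        self.skew, self.clock = skew, clock
        self._token, self._expires = None, 0.0

    def get(self):
        if self._token and self.clock() < self._expires - self.skew:
            return self._token  # still valid: do not resend the secret
        secret = self.load_secret()
        for _ in range(2):
            status, body = self.send(*build_token_request(self.client_id, secret))
            if status == 200:
                self._token = body["access_token"]
                self._expires = self.clock() + int(body.get("expires_in", 0))
                return self._token
            fresh = self.load_secret()
            # Retry once, and only if the stored secret changed (rotation) since it was read;
            # resending a rejected secret only adds failed logins to the audit trail.
            if body.get("error") != "invalid_client" or fresh == secret:
                break
            secret = fresh
        raise PermissionError("token request refused: %s" % body.get("error"))
```
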