For client_credentials you don't need any scopes. You'd need to enable Kinde Management API for the backend / regular web app, as it is not enabled by default.

How to test

Using Client Credentials to get an Access Token

  1. To access the management API, you will need to create a new Machine to machine application.

Screenshot 2023-01-12 at 10.32.46 am.png

  1. Enable the Kinde Management API for it with the toggle switch and hit save

Screenshot 2023-01-12 at 10.33.47 am.png

  1. Install Postman if you don’t have it already.
  2. It’s recommended that you set up a Postman “environment” and put your Kinde Machine to Machine app’s settings there to save repeating them. Make sure you enable the environment by putting the “tick” icon next to it so these variables are available to you. e.g:

Screenshot 2023-01-12 at 10.39.44 am.png

  1. In Postman, head to the Collections tab on the left, and create a new one called “Kinde”.

  2. In the 3 dots menu next to your new Kinde folder, select Add request.

    Screenshot 2023-01-12 at 10.46.40 am.png

  3. A new GET request should appear under the folder. Change it to a POST request and renamed to client_credentials.

  4. Set up the Authorization menu item to look like the below. The orange text e.g {{business_domain}} is replaced with the variables you set above automatically when you make a request

    Screenshot 2023-01-12 at 10.52.31 am.png

  5. Set the audience under Advanced Options to be as follows:

Screenshot 2023-01-12 at 12.33.48 pm.png

  1. Make sure the Headers menu item contains the below:

    Screenshot 2023-01-12 at 12.36.29 pm.png