Authentication
How to authenticate with the Blueground Properties API using OAuth 2.0 client credentials.
Overview
The Blueground Properties API uses OAuth 2.0 Client Credentials flow for authentication. Partners must obtain an access token from Keycloak and include it in every API request.
Obtaining an Access Token
Endpoint
Body Parameters
| Parameter | Required | Description |
|---|---|---|
grant_type | Yes | Must be client_credentials |
client_id | Yes | Your client ID provided by Blueground |
client_secret | Yes | Your client secret provided by Blueground |
scope | Yes | Must be partner-info |
Example Request
Token Response
A successful request returns a JSON object containing the access token.
| Field | Type | Required | Description |
|---|---|---|---|
access_token | string | Yes | The Bearer token to include in API requests |
expires_in | integer | Yes | Token validity period in seconds |
refresh_expires_in | integer | Yes | Refresh token expiry. 0 means no refresh token issued |
token_type | string | Yes | Always Bearer |
not-before-policy | integer | Yes | Policy timestamp. Typically 0 |
scope | string | Yes | Scopes granted to the token |
Using the Token
Include the access token in the Authorization header of every API request:
Token Expiry
Tokens are valid for 1 hour. Your client should request a new token before the current one expires. The expires_in field in the token response indicates the validity period in seconds.