
This guide describes the OAuth 2.0 Client Credentials Flow, the industry-standard method for secure machine-to-machine (M2M) communication. It allows your application to authenticate directly with PMS to obtain a JWT Access Token for API access.

To get started, contact ------TBD---- to receive your unique credentials:

  • Client ID: A unique public identifier for your application.
  • Client Secret: A confidential value used to authenticate your application. Never share this secret or commit it to version control.

2. Exchange Credentials for a JWT Access Token

Send a POST request to the PMS token endpoint:

https://cps-poc-api-access.auth.eu-south-2.amazoncognito.com/oauth2/token

You can authenticate using one of two common methods:

Join your Client ID and Client Secret with a colon (ID:Secret), encode the string in Base64, and include it in the Authorization header. Send grant_type=client_credentials as the request body.

    POST /oauth2/token HTTP/1.1
    Host: cps-poc-api-access.auth.eu-south-2.amazoncognito.com
    Authorization: Basic <Base64_Encoded_Credentials>
    Content-Type: application/x-www-form-urlencoded
    
    grant_type=client_credentials

Option B: Request Body

Include credentials directly in the request body.

    POST /oauth2/token HTTP/1.1
    Host: cps-poc-api-access.auth.eu-south-2.amazoncognito.com
    Content-Type: application/x-www-form-urlencoded
    
    grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET

3. Handle the Token Response

A successful request returns a JSON object containing your JWT Access Token:

    {
      "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "token_type": "Bearer",
      "expires_in": 3600
    }

4. Use the JWT in API Calls

Include the access token in the Authorization header of every API request using the Bearer scheme.

    curl -X POST "https://l89hmcdo52.execute-api.eu-south-2.amazonaws.com/default/api/v1/reservation/checkin" \
      -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
      -H "Content-Type: application/json" \
      -d '{
            "hotelConfirmationNumber": "value1",
            "hotelNumber": "value2"
            .....
          }'

Key Considerations

  • Security: Always use HTTPS for token and API requests to protect credentials in transit.
  • Token Caching: Store tokens in memory and reuse them until they expire to minimize overhead.
  • No Refresh Tokens: The Client Credentials flow does not provide refresh tokens; simply request a new access token using your credentials when needed.
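
An added example (not part of the PMS documentation) that ties steps 2 to 4 to the token-caching consideration: it builds the Option A request, keeps the token in memory only, and requests a new one shortly before `expires_in` elapses. The `TokenCache` helper, the 60-second skew, and the `PMS_CLIENT_ID` / `PMS_CLIENT_SECRET` environment variable names are assumptions.

```python
import base64, json, os, time, urllib.parse, urllib.request

TOKEN_URL = "https://cps-poc-api-access.auth.eu-south-2.amazoncognito.com/oauth2/token"

def build_token_request(client_id, client_secret):
    """Option A: Basic auth header plus form-encoded grant_type body."""
    raw = f"{client_id}:{client_secret}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(raw).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return headers, body

def fetch_token(client_id, client_secret):
    """POST to the token endpoint over HTTPS and return the parsed JSON."""
    headers, body = build_token_request(client_id, client_secret)
    req = urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds the token in memory; re-requests `skew` seconds before expiry."""
    def __init__(self, client_id, client_secret, fetch=fetch_token,
                 clock=time.monotonic, skew=60):
        self._creds = (client_id, client_secret)
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        # No refresh tokens in this flow: an expired token means a new request.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            resp = self._fetch(*self._creds)
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"])
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}

if __name__ == "__main__":
    # Assumed variable names; the secret comes from the environment, not source.
    cache = TokenCache(os.environ["PMS_CLIENT_ID"], os.environ["PMS_CLIENT_SECRET"])
    print(sorted(cache.auth_header()))  # header names only; never log the token
```

The `fetch` and `clock` parameters exist so the cache can be exercised without network access or real credentials.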