This guide describes the **OAuth 2.0 Client Credentials Flow**, the industry-standard method for secure machine-to-machine (M2M) communication. It allows your application to authenticate directly with PMS and obtain a **JWT Access Token** for API access.

### 1. Obtain Your Credentials

To get started, contact **------TBD----** to receive your unique credentials:

- **Client ID:** A unique public identifier for your application.
- **Client Secret:** A private key used for authentication. **Never share this secret or commit it to version control.**

### 2. Exchange Credentials for a JWT Access Token

Send a `POST` request to the PMS token endpoint:

`https://cps-poc-api-access.auth.eu-south-2.amazoncognito.com/oauth2/token`

You can authenticate using one of two common methods:

#### Option A: Basic Authentication (Recommended)

Combine your `Client ID` and `Client Secret` with a colon (`ID:Secret`), encode the string in **Base64**, and include it in the `Authorization` header. Send `grant_type=client_credentials` as the form-encoded request body.

```
POST /oauth2/token HTTP/1.1
Host: cps-poc-api-access.auth.eu-south-2.amazoncognito.com
Authorization: Basic BASE64(YOUR_CLIENT_ID:YOUR_CLIENT_SECRET)
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
```

#### Option B: Request Body

Include the credentials directly in the form-encoded request body instead of the header.

```
POST /oauth2/token HTTP/1.1
Host: cps-poc-api-access.auth.eu-south-2.amazoncognito.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET
```

### 3. Handle the Token Response

A successful request returns a JSON object containing your **JWT Access Token**. `expires_in` is the token lifetime in seconds; any non-`200` response means no token was issued and should be treated as a credential or configuration error rather than retried blindly.

```
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}
```

### 4. Use the JWT in API Calls

Include the access token in the `Authorization` header of every API request using the `Bearer` scheme.
```
curl -X POST "https://l89hmcdo52.execute-api.eu-south-2.amazonaws.com/default/api/v1/reservation/checkin" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "hotelConfirmationNumber": "value1",
    "hotelNumber": "value2",
    .....
  }'
```

### Key Considerations

- **Security:** Always use HTTPS for token and API requests to protect credentials in transit. Keep the client secret on the server side (a secrets manager or environment variable), never in client-side or mobile code.
- **Token Caching:** Store tokens in memory and reuse them until they expire to minimize overhead. Use `expires_in` from the token response to decide when to renew, and renew slightly before expiry so a request in flight does not fail with an expired token.
- **No Refresh Tokens:** The Client Credentials flow does **not** provide refresh tokens; simply request a new access token using your credentials when needed (for example, when the cached token has expired or the API answers `401`).
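The whole exchange from steps 2 to 4, together with the caching and renewal points under Key Considerations, as an added Python example. This is not part of this guide and not PMS's own client code. It uses Option A (Basic authentication), caches the token for `expires_in` seconds minus a safety margin, renews it by simply repeating the client-credentials request (there is no refresh token), and retries once on a `401`. The endpoint URLs and request field names are the ones given above; `FakeTransport`, the fake clock, the `tok1`/`tok2`/`tok3` tokens and the `checked-in` response body are constructed so the walkthrough runs offline. The `urllib_transport` function is the real transport you would pass in production.

```python
"""Added example: client-credentials helper for the PMS token endpoint and
check-in API. FakeTransport and the fake clock are constructed test doubles."""
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://cps-poc-api-access.auth.eu-south-2.amazoncognito.com/oauth2/token"
API_URL = ("https://l89hmcdo52.execute-api.eu-south-2.amazonaws.com"
           "/default/api/v1/reservation/checkin")


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Option A header value: 'Basic ' + base64('ID:Secret')."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def urllib_transport(url, method, headers, body):
    """Real transport (stdlib only); refuses plaintext URLs so the secret never goes over HTTP."""
    if not url.startswith("https://"):
        raise ValueError("credentials must only be sent over HTTPS")
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx: hand the status back to the caller
        return err.code, err.read()


class TokenClient:
    """Fetches, caches and renews the access token. No refresh token exists in this
    flow, so renewal is just another client-credentials request."""

    def __init__(self, client_id, client_secret, transport=urllib_transport,
                 clock=time.time, margin_seconds=60):
        self._auth = basic_auth_header(client_id, client_secret)
        self._transport, self._clock, self._margin = transport, clock, margin_seconds
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        headers = {"Authorization": self._auth,
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
        status, payload = self._transport(TOKEN_URL, "POST", headers, body)
        if status != 200:
            raise RuntimeError(f"token request failed with HTTP {status}")
        data = json.loads(payload)
        if data.get("token_type", "").lower() != "bearer":
            raise RuntimeError("unexpected token_type in token response")
        self._token = data["access_token"]
        # Renew `margin_seconds` early so a request in flight at expiry does not fail.
        self._expires_at = self._clock() + int(data["expires_in"]) - self._margin
        return self._token

    def access_token(self):
        """Return the cached token, or fetch a new one if missing or (nearly) expired."""
        if self._token is None or self._clock() >= self._expires_at:
            return self._fetch_token()
        return self._token

    def post_json(self, url, payload):
        """POST JSON with the Bearer token; on 401 drop the cache, fetch once, retry once."""
        body = json.dumps(payload).encode("utf-8")
        for attempt in range(2):
            headers = {"Authorization": f"Bearer {self.access_token()}",
                       "Content-Type": "application/json"}
            status, resp = self._transport(url, "POST", headers, body)
            if status != 401 or attempt == 1:
                return status, (json.loads(resp) if resp else None)
            self._token = None  # token rejected: next loop iteration fetches a fresh one


class FakeTransport:
    """Constructed stand-in for the PMS endpoints so the example runs offline."""

    def __init__(self):
        self.calls, self.tokens_issued, self.reject_once = [], 0, False

    def __call__(self, url, method, headers, body):
        self.calls.append((url, method, dict(headers), body))
        if url == TOKEN_URL:
            self.tokens_issued += 1
            return 200, json.dumps({"access_token": f"tok{self.tokens_issued}",
                                    "token_type": "Bearer", "expires_in": 3600}).encode()
        if self.reject_once:
            self.reject_once = False
            return 401, b'{"message": "Unauthorized"}'
        return 200, b'{"status": "checked-in"}'


def demo():
    """Walk through caching, expiry-driven renewal and the 401 retry with a fake clock."""
    now = [1_000_000.0]
    transport = FakeTransport()
    client = TokenClient("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET",
                         transport=transport, clock=lambda: now[0])
    first = client.access_token()            # token request #1
    second = client.access_token()           # served from cache, no request
    now[0] += 3600                           # lifetime elapsed: cache is stale
    third = client.access_token()            # token request #2
    checkin = {"hotelConfirmationNumber": "value1", "hotelNumber": "value2"}
    status1, body1 = client.post_json(API_URL, checkin)
    transport.reject_once = True             # simulate the API rejecting the token
    status2, _ = client.post_json(API_URL, checkin)  # 401 -> token request #3 -> retry
    return {"tokens": (first, second, third), "token_requests": transport.tokens_issued,
            "token_body": transport.calls[0][3],
            "token_auth": transport.calls[0][2]["Authorization"],
            "api_auth": transport.calls[-1][2]["Authorization"],
            "first_call": (status1, body1), "after_401": status2}


if __name__ == "__main__":
    print(json.dumps({k: str(v) for k, v in demo().items()}, indent=2))
```

`TokenClient` takes the transport and clock as parameters so the same code is exercised offline here and against the real endpoints with `urllib_transport`. The single retry on `401` is deliberate: a token that is rejected twice in a row points at a configuration problem, not a stale cache, and looping would only hammer the token endpoint.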