Server-to-server authentication (Client credenitals)
Server-to-server authentication (also called machine to machine or app to app) is used for integrations between applications where no user is present. This approach enables secure communication between backend services, APIs, or microservices.
For guidance, see the Duende documentation on machine-to-machine communication.
Tutorials
| Tutorial | Description | Link |
|---|---|---|
| Calling the API from a Web Host | Describes the flow with code sample of using IHttpClientFactory together with Duende's AccessTokenRequestHandler |
Client credential in a Web server host |
| Manual token request | Describes the Bearer and DPoP token flow with manual token request samples | Client credential token request flow |