The ClearPolicy API uses OAuth 2.0 bearer tokens for authentication. Every request must include a valid access token in the Authorization header. Tokens are scoped to a specific organization — the token you use determines which organization’s data is returned.

Get an access token

ClearPolicy uses the OAuth 2.0 client credentials flow. To create an OAuth client and issue a token:
1. Open API settings

   In the ClearPolicy dashboard, go to Settings → API.

2. Create an OAuth client

   Click Create OAuth Client. Give it a name and save. You’ll receive a client ID and client secret — store these securely.

3. Request an access token

   Exchange your client credentials for a bearer token by posting to the token endpoint:
curl https://api.clearpolicy.app/oauth/token \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "scope": ""
  }'
The response contains your access_token:
{
  "token_type": "Bearer",
  "expires_in": 31536000,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJ..."
}

Pass the token in requests

Include the token in the Authorization header of every API request:
Authorization: Bearer YOUR_ACCESS_TOKEN
Example request using the token:
curl https://api.clearpolicy.app/v1/me \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Error responses

Status            Meaning
401 Unauthorized  The token is missing, expired, or invalid.
403 Forbidden     The token is valid but lacks permission for the requested resource.
Tokens are organization-scoped. Each OAuth client is tied to a single organization, and all API responses reflect that organization’s data.
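As an added example (not part of the ClearPolicy documentation or any official SDK), a minimal Python client that performs the client credentials exchange from the steps above, caches the token until shortly before expires_in runs out, sends it as a Bearer header, and handles the two error statuses in the table: a 401 discards the cached token and retries once with a freshly issued one, while a 403 is surfaced as a permission error. The transport and clock arguments are assumed hooks so the client can be exercised offline; the 60-second refresh margin is an assumed policy.

```python
import json
import time
import urllib.error
import urllib.request

TOKEN_URL = "https://api.clearpolicy.app/oauth/token"
API_BASE = "https://api.clearpolicy.app"

def http_json(method, url, headers=None, body=None):
    """Real transport over urllib: returns (HTTP status, decoded JSON body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")

class ClearPolicyClient:
    def __init__(self, client_id, client_secret, transport=http_json, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.transport, self.clock = transport, clock  # assumed hooks, injectable for offline tests
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        # Client credentials grant as documented: JSON body posted to /oauth/token.
        status, body = self.transport("POST", TOKEN_URL, {"Content-Type": "application/json"},
                                      {"grant_type": "client_credentials", "client_id": self.client_id,
                                       "client_secret": self.client_secret, "scope": ""})
        if status != 200 or "access_token" not in body:
            raise RuntimeError(f"token request failed: HTTP {status}")
        self._token = body["access_token"]
        self._expires_at = self.clock() + body.get("expires_in", 0)

    def token(self):
        # Reuse the cached token; re-issue 60 s before expires_in runs out (assumed margin).
        if self._token is None or self.clock() >= self._expires_at - 60:
            self._fetch_token()
        return self._token

    def get(self, path):
        for attempt in (1, 2):
            status, body = self.transport("GET", API_BASE + path, {"Authorization": f"Bearer {self.token()}"})
            if status == 401 and attempt == 1:
                self._token = None  # rejected (expired or revoked): drop the cache, retry once with a new token
                continue
            if status in (401, 403):
                raise PermissionError(f"HTTP {status} for {path}: {body}")
            return body
```

A 401 that persists after the single refresh is raised rather than retried again, so a revoked client cannot loop against the token endpoint.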
Last modified on April 12, 2026