How to use OAuth 2.0 - Client Credentials

The Client Credentials flow can be used for testing and debugging purposes. You can also use this method to connect your site with your GetResponse account. Client Credentials does not require setting redirect_url on your server, so this flow is a good starting point for practicing using GetResponse OAuth. If you want to access other people's GetResponse accounts, you need to implement the Authorization Code flow. In that flow, the account owner will have to permit your application to access their account.


  • This is a first-steps document, covering the basics of the Client Credentials authorization method. For a comprehensive discussion of OAuth 2.0 methods, please refer to the API documentation.
  • We suggest you use the Postman application as an API test utility (this is a third party tool commonly used by developers). You can also use the cURL library.
  • We also recommend that you not implement OAuth from scratch in your application. Instead, you should use a third-party library appropriate to your system architecture, e.g. for PHP with provider, Ruby, or Python.

Register application and obtain authorization data

  1. In your GetResponse account, click the Profile icon in the top right corner.
  2. In the drop-down menu, select Integrations & API.
  3. In the side menu, click the Authorizations tab.
  4. Click the Add new app button.
  5. Enter a name, description, and logo of your application. Next, enter a Redirect URL. This is the URL to which GetResponse will redirect your client during the authorization process. This should be a URL in your domain, for example:
  6. Click Add.

Your registered app will appear under Connected applications. Click on the app name to display:

  • Client ID - This is the "application username". It identifies your application in the GetResponse system.
  • Client secret key - This is the "application password". This key should be strictly confidential and protected.

You need these parameters to obtain an authorization token. Now you can send a request. Be sure to replace client_id and client_secret_key with their actual values:

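# Replace <TOKEN_ENDPOINT_URL> with the token endpoint given in the API documentation.
curl -X POST \
  -u client_id:client_secret_key \
  -H 'Content-Type: application/json;charset=utf-8' \
  -d '{
    "grant_type" : "client_credentials"
  }' \
  '<TOKEN_ENDPOINT_URL>'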

You should get the following response:

{
    "access_token": "ac8839aae",
    "expires_in": 86400,
    "token_type": "Bearer",
    "scope": null
}

Access_token will be a string of letters and numbers. Use the token in the header field Authorization: Bearer to authorize any further calls, e.g.:

# Replace <API_ENDPOINT_URL> with the API resource you want to call.
curl -X GET \
  -H 'Authorization: Bearer ac8839aae' \
  -H 'Content-Type: application/json;charset=utf-8' \
  '<API_ENDPOINT_URL>'

Refresh token

The token expires after the number of seconds given in expires_in. Once this happens, you'll get the following response:

{
    "httpStatus": 401,
    "code": 1014,
    "codeDescription": "Problem during authentication process, check headers!",
    "message": "The access token provided is expired",
    "moreInfo": "",
    "context": {
        "sentToken": "ac8839aae"
    }
}

You will then have to obtain a new token.
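
The token lifecycle described above (request a token with client_id and client_secret_key, reuse it until expires_in has passed, obtain a new one on the 401/1014 reply), as an added example that is not GetResponse code. TokenCache, TOKEN_URL, the injected post/send callables and the in-memory server in demo() are assumptions constructed for illustration; in real use the callables would wrap your HTTP library.

```python
import base64
import json
import time

TOKEN_URL = "https://auth.example.invalid/token"  # placeholder, not the real endpoint
JSON_TYPE = "application/json;charset=utf-8"

class TokenCache:
    """Caches one client-credentials token; renews on expiry or a 401/1014 reply."""
    def __init__(self, client_id, client_secret, post, clock=time.monotonic, skew=60):
        pair = f"{client_id}:{client_secret}".encode()
        self._basic = "Basic " + base64.b64encode(pair).decode()  # secret: never log
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0
    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            headers = {"Authorization": self._basic, "Content-Type": JSON_TYPE}
            status, body = self._post(TOKEN_URL, headers, '{"grant_type": "client_credentials"}')
            if status != 200:
                raise RuntimeError(f"token request failed: HTTP {status}")
            data = json.loads(body)
            # Renew `skew` seconds early so the token cannot lapse mid-request.
            self._expires_at = self._clock() + data["expires_in"] - self._skew
            self._token = data["access_token"]
        return self._token
    def call(self, send):
        """send(headers) -> (status, body); retries once on an expired-token reply."""
        status, body = send({"Authorization": "Bearer " + self.token()})
        if status == 401 and json.loads(body).get("code") == 1014:
            self._token = None  # drop the stale token, then fetch a new one
            status, body = send({"Authorization": "Bearer " + self.token()})
        return status, body

def demo():
    """Drives the cache against a constructed in-memory server (no network)."""
    now, issued, valid = [0.0], [], set()
    def fake_post(url, headers, body):
        issued.append(f"tok{len(issued) + 1}")
        valid.add(issued[-1])
        return 200, json.dumps({"access_token": issued[-1], "expires_in": 86400})
    def fake_api(headers):
        if headers["Authorization"].split(" ", 1)[1] in valid:
            return 200, "{}"
        return 401, json.dumps({"httpStatus": 401, "code": 1014})
    cache = TokenCache("client_id", "client_secret_key", fake_post, clock=lambda: now[0])
    statuses = [cache.call(fake_api)[0]]      # first call obtains tok1
    now[0] = 86400 - 60                       # clock reaches the renewal window: tok2
    statuses.append(cache.call(fake_api)[0])
    valid.clear()                             # server rejects tok2 early: 1014, then tok3
    statuses.append(cache.call(fake_api)[0])
    return issued, statuses
```

Load the client secret from a secrets store or environment variable rather than hard-coding it, since it is the "application password" described above.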