Download OpenAPI specification:
The Access Token API issues OAuth 2.0 access tokens that enable authenticated and authorised access to Industry Data Exchange (IDX) APIs. This API allows Participant systems to obtain time‑limited access tokens using the OAuth 2.0 client credentials grant type. Issued tokens are bound to a registered service account and scoped to the Participant’s approved IDX entitlements.
Access tokens must be presented in the Authorization header as Bearer tokens when invoking IDX APIs via the AEMO API Gateway. Token validation and authorisation are enforced centrally to ensure only permitted Participants can access IDX services and business functions.
Exchanges client_id and client_secret for an access token using the client_credentials OAuth2 Grant flow.
| client_id required | string Client ID provided by AEMO |
| client_secret required | string Client Secret provided by AEMO |
| grant_type required | string OAuth2 Grant flow value |
| scope | string Optional space‑delimited list of entity names requested by the client. Each value represents a Business Function or IDX service the client wishes to access. Participants only need to specify the entity name; the ParticipantID(s) and permitted operations are resolved automatically based on the entitlements already granted to the service or user account. Any entity names that are not authorised for the supplied credentials are silently ignored. |
client_id=xxxx&client_secret=xxxx&grant_type=client_credentials
Returned when an access token is requested without a scope parameter. The issued token is valid but has no scopes associated with it and can only be used to access APIs that do not require scoped authorisation (for example, the Business Function Information API).
{- "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token_type": "Bearer",
- "expires_in": 3599
}