Use Credentials Programmatically
After the System API client is configured in the Guardhouse dashboard, external services can add the issued credentials to their backend service, obtain an access token, and call the API.
You can use this page to:
- configure a service with the Guardhouse
.NET SDK - follow the current
Python SDKintegration shape - request tokens directly with
curl
After your service can obtain tokens successfully, use the endpoint pages in this section to call the Guardhouse System API.
Inputs
You will typically need:
Issuer URLClient IDClient Secret- Guardhouse API base URL, if it differs from the issuer URL
- The
System APIscope or access configuration required by your Guardhouse setup
Access Token Request
POST /connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&audience=YOUR_API_AUDIENCE
&scope=YOUR_REQUESTED_SCOPES
cURL
curl -X POST "https://your-tenant.guardhouse.cloud/connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "audience=YOUR_API_AUDIENCE" \
-d "scope=YOUR_REQUESTED_SCOPES"
Sample Token Response
{
"access_token": "YOUR_ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "YOUR_GRANTED_SCOPES"
}
Use the Token in API Calls
curl -X GET "https://your-tenant.guardhouse.cloud/api/..." \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
.NET SDK
using Guardhouse.SDK.Constants;
using Guardhouse.SDK.Extensions;
using Guardhouse.SDK.Services;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddGuardhouseClientWithApiClients(
authority: "https://your-tenant.guardhouse.cloud",
clientId: "YOUR_CLIENT_ID",
clientSecret: "YOUR_CLIENT_SECRET",
scope: AuthorizationConsts.Scopes.SystemApi,
apiBaseUrl: "https://your-tenant.guardhouse.cloud");
var app = builder.Build();
app.MapGet("/example/roles", async (IGuardhouseRolesClient rolesClient) =>
{
var roles = await rolesClient.GetRolesAsync();
return Results.Ok(roles);
});
Guardhouse .NET SDK registration helpers are safe to call multiple times. The SDK adds its internal infrastructure once, while later configuration delegates still apply option values.
Python SDK
# Placeholder.
# Official Python SDK support for System API client flows is in development.
#
# Example shape:
# client = GuardhouseApiClient(
# base_url="https://your-tenant.guardhouse.cloud",
# client_id="YOUR_CLIENT_ID",
# client_secret="YOUR_CLIENT_SECRET",
# )
# token = client.get_access_token()
Notes
- Replace placeholders with the real issuer URL, API base URL if separate, and access settings.
- When using the Guardhouse .NET SDK, request
AuthorizationConsts.Scopes.SystemApifor this integration. - The Python section currently documents the intended integration shape, but official System API client support is still in development.
- Reuse the bearer token when calling the endpoint pages in this documentation section.
- Keep the
Client Secretin secure storage and never hardcode it in production code. - This supports System API setup that may be composed from shared startup code, tests, or feature-specific wiring.
Next
After your service can request tokens successfully, continue with: