> ## Documentation Index
> Fetch the complete documentation index at: https://docs.apyguard.com/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth2 Client Credentials

> Configure machine-to-machine OAuth2 authentication in ApyGuard using client ID, client secret, and scopes.

## Overview

OAuth2 Client Credentials is used when a machine identity requests tokens directly from the provider without an end-user login.

## Configure OAuth2 Client Credentials in ApyGuard

1. Go to **Start Scan → Authorization Settings**.
2. Create a new authorization setting.
3. Choose **OAuth2 Client Credentials**.
4. Enter a descriptive **Authorization Setting Name**.
5. Configure token format and token location.
6. Select the API server so ApyGuard can detect OAuth2 configuration.
7. Review the detected OAuth2 metadata.
8. Create or select the matching client credentials record.
9. Save the authorization setting.

## Required credential fields

Create a credential record with:

* Client ID
* Client secret
* Scopes

## What users review in the UI

<CardGroup cols={2}>
  <Card title="Server-aware detection" icon="server">
    ApyGuard uses the selected API server to detect OAuth2 provider details before the setting is saved.
  </Card>

  <Card title="Machine credential pairing" icon="bot">
    The authorization setting is linked to a credential containing client ID, client secret, and scopes for the machine identity.
  </Card>
</CardGroup>

## Best fit

Use this method when:

* The API is consumed by backend services or integrations
* No human login is required
* The provider supports the client credentials grant

## What to verify

* The token endpoint matches the provider configuration
* The requested scopes are allowed for the client
* The client secret belongs to the correct environment

## Related pages

* [OAuth2 Password](/authentication/oauth2-password)
* [Security Scanning](/get-started/security-scanning)
* [Authentication Issues](/authentication/authentication-issues)
