Machine-to-Machine Application — Standard Flow

Introduction

This diagram shows the successful authorization flow for a standard Machine-to-Machine Application using the Client Credentials Grant defined in OAuth 2.0.

During the Client Credentials flow, Mekarge A3 evaluates the Permissions granted directly to the Machine-to-Machine Application. No User identity or session is involved in the authorization process.

Flow Summary

Grant Type	Client Credentials
User Authentication	Not Required
Browser Redirects	No
Refresh Tokens	Not Supported

Typical Use Cases

Backend services calling internal APIs
Scheduled jobs and automation systems

You can find the Quick Start guide for Machine-to-Machine Application — Standard in the Mekarge A3 documentation.

Flow

Explanations

The Machine-to-Machine Application requests an Access Token using its Client credentials.
Mekarge A3 validates the Client credentials and returns an Access Token.
The Machine-to-Machine Application calls the Resource Server using the Access Token.
The Resource Server validates the Access Token and returns the API response.

Notes

Security

Use HTTPS for all API endpoints.
Store Client credentials in a secure secret manager.
Configure short-lived Access Tokens.
Restrict granted Scopes to the minimum required Permissions.