OAuth2 Client Credentials

Use this type when Zerq must obtain access tokens from an OAuth2 token endpoint.

Required fields

• Token URL
• Client ID
• Client secret
• Optional scope list

Runtime flow

1. Zerq requests token from token URL.
2. Zerq caches token until expiry.
3. Zerq adds Authorization: Bearer <token> to outbound requests.

Practical guidance

• Keep token URL reachable from gateway network.
• Use shortest practical token lifetime.
• Test scope errors early in staging.