Skip to main content
API clients are machine credentials — a client ID and client secret — used for programmatic access to /v1/query and management APIs. Each client is assigned one or more OAuth scopes that control what it can do. Use the client credentials grant to exchange a client ID and secret for a bearer token: 
POST https://cognito-idp.<region>.amazonaws.com/<userPoolId>/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=<clientId>&client_secret=<clientSecret>
See Authentication for the full token exchange flow.