Configure Authentication for your Application

Once you have created your application, you need to configure it so that it can authenticate against the Account, Extension and User APIs. The VBC APIs use OAuth for authentication.

Generating the authentication keys

  1. Log into

  2. Select "My Applications" in the left-hand navigation menu.

  3. On the "My Application" page, locate your Application in the table and click the "View" link in the "Actions" column.

  4. Select the "Production Keys" tab:


    Note that the default grant type is Code. The grant type is the method OAuth uses to generate an access token. When you create a production application you will typically want to use this method to authenticate requests. The Refresh Token option will create a new token when the current one expires.

  5. In the "Callback URL" field, enter a valid callback URL that your application will use to receive the generated token. If you haven't created your application yet, enter http://localhost for now and remember to enter the correct URL when you are ready to test it.

  6. Click the "Generate Keys" button. This generates the "Consumer Key" and "Consumer Secret" that your application will use to request a token.

  7. Look at the "Endpoint Examples" and "Generating Access Tokens" samples to learn how to request the authentication code and exchange it for an access token:


In production, you should use the authorization_code grant type (Code) and this is the only option shown in the My Applications tab at The Code grant type requires your application to implement a valid callback URL to retrieve the authorization code from the Vonage servers and exchange it for a token. See the Endpoint examples in the My Applications tab to learn how to create the authorization and token requests.

Authenticating with the password grant type

All the code snippets in the VBC API documentation use the password grant type instead of the recommended authorization_code to make them easy to run. This grant type does not require you to implement a callback URL. Instead, you provide your VBC user name and password to request a token.

Replace the following placeholders in the example with your own values:

Write the code

Add the following to

Copy to Clipboard
curl -k -d "grant_type=password&username=$VBC_USERNAME&password=$VBC_PASSWORD" \
        -d "&client_id=$VBC_CLIENT_ID&client_secret=$VBC_CLIENT_SECRET" \

View full source

Run your code

Save this file to your machine and run it:


When you run it, you will receive a JSON response with the access_token embedded in it. You need this token to use the Account, Extension and User APIs:


Now that you have configured authentication, you must subscribe to the Provisioning API before you can use the Account, Extension, and User APIs.