Skip to main content
POST
/
api
/
user
/
manage
/
v1
/
oauth
/
token
Obtain Access Token
curl --request POST \
  --url https://api.manus.im/api/user/manage/v1/oauth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=tm_RRa7dgjD_AFhru6AnZJ8W \
  --data client_secret=a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}
Questions or issues? Contact us at api-support@manus.ai.
Auth: None — credentials live in the form body, not a header.Token lifetime: 1 hour (3600 seconds). Cache and reuse — re-minting on every request will hit rate limits.Content-Type: application/x-www-form-urlencoded (not JSON).Scope: The returned access token only authorises /api/user/manage/v1/users* calls. It does not authorise the credential management RPCs (/team.v1.TeamManagementService/*) — those use a session token.Errors:
  • 400 INVALID_GRANT_TYPEgrant_type must be exactly client_credentials.
  • 400 INVALID_REQUESTclient_id or client_secret is missing.
  • 401 INVALID_CLIENT — credentials are unknown or have been deleted.
SailPoint settings: Token URL is /api/user/manage/v1/oauth/token, grant type client_credentials. See the SailPoint integration notes in the overview.

Body

application/x-www-form-urlencoded
grant_type
enum<string>
required

Must be client_credentials.

Available options:
client_credentials
Example:

"client_credentials"

client_id
string
required

Client identifier issued by team.v1.TeamManagementService/CreateApiCredential.

Example:

"tm_RRa7dgjD_AFhru6AnZJ8W"

client_secret
string
required

Client secret issued by team.v1.TeamManagementService/CreateApiCredential.

Example:

"a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456"

Response

Token issued successfully.

access_token
string

OAuth 2.0 Bearer access token. Pass as Authorization: Bearer <token> on every users endpoint.

Example:

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

token_type
enum<string>
Available options:
Bearer
expires_in
integer<int32>

Token lifetime in seconds.

Example:

3600