improved

Auth API: Added support for passing client_secret and client_id in POST body

Until now, the documentation stated that the only way to submit client_id and client_secret is through the query parameters.

Query parameters in URL are deemed unsafe, that's why we are changing our documentation to instruct new customers to use POST body submission technique. On our end, all the sensitive query parameters have always been redacted and excluded from the logs.

Submitting these parameters is possible, and now recommended, through POST body, either as application/x-www-form-urlencoded key/value pairs or, preferably, as application/json fields. See the API reference here.

Examples:

curl --location 'https://api.personio.de/v1/auth' \
  --header 'Content-Type: application/json' \
  --data '{"client_id": "YOUR_CLIENT_ID", "client_secret": "YOUR_CLIENT_SECRET"}'
curl --location 'https://api.personio.de/v1/auth' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=YOUR_CLIENT_ID' \
  --data-urlencode 'client_secret=YOUR_CLIENT_SECRET'