Password

Danger

Deprecated. The Password grant type is deprecated and will not work successfully. You can continue using the Password grant type if you started using it before February 2025. However, you should consider moving to a different grant type at your earliest convenience.

The Password grant type enables you to use your user’s Trustpilot Business username and password for authentication. You can only use this grant type from the server side to avoid exposing your API Secret and user credentials.

Request an access token

To request a token, use your API Key, API Secret, Trustpilot username and password. Method: POST https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstoken

Headers

Authorization: Basic [BASE64_ENCODED(API_KEY:API_SECRET)]

Content-Type: application/x-www-form-urlencoded

You must concatenate and base64 encode your API Key and API Secret.

Payload

Name	Type	Description
grant_type	Required string	Value must be set to password
username	Required string	Your Trustpilot b2b login email
password	Required string	Your Trustpilot b2b login password

Example

grant_type=password&username=email@domain.com&password=Password

Response

The response contains the access token, refresh token and time of expiration:

{
    access_token: "AccessToken",
    refresh_token: "RefreshToken",
    expires_in: "359999"
}

When the access token expires, issue the same request to get a new token. You can also use the refresh token from the response.