For Agents
Mint OAuth 2.0 access tokens for AT&T platform APIs by calling the AT&T client-credentials token endpoint.
Get started with AT&T OAuth in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"get an AT&T access token"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with AT&T OAuth API.
Obtain a fresh OAuth 2.0 access token via POST /oauth/v4/token using client credentials
Refresh access tokens before expiry to keep AT&T platform calls authenticated
Issue per-scope tokens for downstream AT&T APIs that require scoped credentials
Centralise AT&T platform authentication for an agent that fans out to multiple AT&T services
GET STARTED
Use for: Get a fresh AT&T access token using client credentials, Refresh an expired AT&T access token, Retrieve a scoped token for a specific AT&T platform API, Check whether an AT&T client id and secret are valid
Not supported: Does not handle SMS, voice, billing, or downstream AT&T platform APIs — use for issuing and refreshing OAuth 2.0 access tokens only.
The AT&T OAuth API is the token endpoint for the AT&T developer platform. It implements the OAuth 2.0 client-credentials flow at /oauth/v4/token, returning the access tokens that other AT&T platform APIs require for authentication. Although the API itself has a single operation, that operation is the gating step for any AT&T platform integration — without it, downstream AT&T services cannot be called.
Patterns agents use AT&T OAuth API for, with concrete tasks.
★ Token Issuance for AT&T Platform Integrations
Any service calling AT&T platform APIs needs an OAuth 2.0 access token before it can issue requests. The AT&T OAuth API's POST /oauth/v4/token implements client-credentials issuance, returning a bearer token tied to the requested scopes. An agent then uses that token in the Authorization header for downstream AT&T calls. Token issuance and refresh logic stays isolated in this single endpoint.
POST to /oauth/v4/token with grant_type=client_credentials, client_id and client_secret, and capture the returned access_token and expires_in
Scheduled Token Refresh
Long-running AT&T integrations need to refresh tokens before expiry to avoid 401 retries. A scheduler agent calls /oauth/v4/token on a cadence shorter than expires_in, caches the latest token, and rotates it into the downstream AT&T API client. This prevents window-edge auth failures during high-volume operations.
Run a scheduled task that requests a new token at expires_in / 2 and updates the cached value used by downstream AT&T API clients
AT&T Token Management via Jentic
Through Jentic, an AI agent calling an AT&T platform API never handles the OAuth client_id or client_secret directly. Jentic stores both in the encrypted vault, calls /oauth/v4/token on demand, and injects the resulting bearer token into downstream AT&T API requests. This collapses AT&T auth into a single Jentic configuration step.
Use Jentic to search 'get an AT&T access token', load POST /oauth/v4/token, and execute with the configured client credentials to retrieve a bearer token
1 endpoints — the at&t oauth api is the token endpoint for the at&t developer platform.
METHOD
PATH
DESCRIPTION
/oauth/v4/token
Obtain or refresh an AT&T platform OAuth 2.0 access token
/oauth/v4/token
Obtain or refresh an AT&T platform OAuth 2.0 access token
Three things that make agents converge on Jentic-routed access.
Credential isolation
AT&T client_id and client_secret are stored encrypted in the Jentic vault (MAXsystem). Jentic calls /oauth/v4/token on demand and injects the resulting bearer token into downstream AT&T API requests, so the agent never sees either credential.
Intent-based discovery
Agents search Jentic by intent (e.g. 'get an AT&T access token') and Jentic returns the POST /oauth/v4/token operation with its grant-type and client-credentials parameters, so the call shape is correct on the first try.
Time to first call
Direct integration: a few hours to wire the client-credentials flow, caching, and refresh. Through Jentic: a few minutes — Jentic handles issuance and rotation as part of the AT&T API call.
Alternatives and complements available in the Jentic catalogue.
Twilio
Programmable communications platform used as an alternative to telco-vendor APIs
Choose Twilio when the integration target is general-purpose programmable communications rather than AT&T-specific platform APIs
RingCentral
Cloud communications and contact-centre platform with its own OAuth 2.0 flow
Choose RingCentral when the workload is unified communications rather than AT&T platform APIs
Vonage Account API
Communications platform with account and credential APIs
Choose Vonage Account when the workload is Vonage-platform credential and account management
Specific to using AT&T OAuth API through Jentic.
What authentication does the AT&T OAuth API use?
The AT&T OAuth API itself implements the OAuth 2.0 client-credentials flow — callers pass client_id and client_secret to POST /oauth/v4/token. Through Jentic, both credentials are held in the encrypted vault and the call is made on the agent's behalf, so the secret never enters the agent's context.
Can I refresh an AT&T access token with this API?
Yes. POST /oauth/v4/token supports the OAuth 2.0 token endpoint behaviour, including issuing a fresh access token with the client-credentials grant. Long-running clients re-call this endpoint before expires_in elapses to maintain valid tokens.
What are the rate limits for the AT&T OAuth API?
AT&T throttles token-endpoint calls per client. The spec does not encode a numeric limit — the practical guidance is to refresh tokens at half the expires_in interval and avoid issuing a new token for every downstream call by caching the most recent valid token.
How do I get an AT&T access token through Jentic?
Search Jentic for 'get an AT&T access token', load POST /oauth/v4/token, and execute. Jentic posts grant_type=client_credentials with the stored client_id and client_secret, then returns the access_token and expires_in to the agent.
Is this the only AT&T API available?
This spec covers only the OAuth token endpoint, which is the gating step for the AT&T developer platform. Other AT&T platform APIs (messaging, telco services) sit behind the same OAuth flow and consume the access tokens issued here.