How authorization works

Authorization

The APIs use OAuth 2.0 client credentials.

This means you first need to get a bearer token, which you must use when you request any API endpoint.

How to request a bearer token:

  1. Set the content type to:
    Content-Type: 'application/x-www-form-urlencoded'
  2. Add the following required variables in the request body.
    (We will send you the clientId, clientSecret, tenantid and scope as soon as your registration request is verified.)
    client_id={yourClientId}
    grant_type=client_credentials
    client_secret={yourClientSecret}
    scope={yourScope}
  3. POST a request to this URL. The same URL is used for both Test and Production.
    https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token
  4. The response body contains an access_token. Add this token to the Authorization header in every HTTP request to the API, like this:
    Authorization: Bearer {access_token}
    Note that the token contains an expiry timestamp (exp). It is important to verify the expiration before reusing the token.
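
The four steps above as a small Python client, added here as an illustration and not the API provider's own code. The function names, the `TokenCache` class and its 60-second safety margin are assumptions; the form fields, header and token URL are the ones listed above.

```python
import base64, json, time
import urllib.parse, urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token"

def build_token_request(tenant_id, client_id, client_secret, scope):
    """Steps 1-3: form-encoded POST to the tenant's token endpoint."""
    # urlencode escapes characters such as '+', '&' and '=' in the secret
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "grant_type": "client_credentials",
        "client_secret": client_secret,
        "scope": scope,
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL.format(tenantid=urllib.parse.quote(tenant_id, safe="")),
        data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def token_exp(access_token):
    """Read the exp claim from the token payload. No signature check:
    this only decides reuse; the API is what validates the token."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

class TokenCache:
    """Reuses a token until shortly before exp, then fetches a new one."""
    def __init__(self, fetch, skew=60):
        self._fetch = fetch   # callable returning an access_token string
        self._skew = skew     # assumed safety margin in seconds
        self._token = None

    def get(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or token_exp(self._token) - self._skew <= now:
            self._token = self._fetch()
        return self._token

    def auth_header(self, now=None):
        """Step 4: header to attach to every API request."""
        return {"Authorization": "Bearer " + self.get(now)}

def fetch_token(tenant_id, client_id, client_secret, scope):
    """Performs the network call; never log the body, it holds the secret."""
    req = build_token_request(tenant_id, client_id, client_secret, scope)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]
```

Wire it up with `TokenCache(lambda: fetch_token(tenant, client_id, secret, scope))` and load the secret from a secret store or environment variable rather than source code.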