How authorization works

Authorization

The APIs uses OAuth 2.0 client credientials.

This means you first need to get a bearer token, which you must use when you request any API endpoint.

How to request a bearer token:

1. Set the content type to:
   Content-Type: 'application/x-www-form-urlencoded'
2. Add the following required variables in the request body.
   (We will send you the clientId, clientSecret, tenantid and scope as soon as your registration request is verified.
   client_id={yourClientId}
   grant_type=client_credentials
   client_secret={yourClientSecret}
   scope={yourScope}
   
3. POST a request to this URL. Same URL for both Test and Production
   https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token
4. The response body contains an access_token. Add this token to the Authorization header in every HTTP request to the API, like this:
   Authorization: Bearer {access_token}
   Notice that the token contains an expire timestamp (exp). It is important to verify the expiration before reusing the token.