How authorization works
Authorization
The APIs use OAuth 2.0 client credentials.
This means you first need to get a bearer token, which you must use when you request any API endpoint.
How to request a bearer token:
- Set the content type to:
  Content-Type: application/x-www-form-urlencoded
- Add the following required variables to the request body. (We will send you the clientId, clientSecret, tenantid and scope as soon as your registration request is verified.)
  client_id={yourClientId}
  grant_type=client_credentials
  client_secret={yourClientSecret}
  scope={yourScope}
- POST the request to this URL. The URL is the same for both Test and Production.
  https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token
- The response body contains an access_token. Add this token to the Authorization header in every HTTP request to the API, like this:
  Authorization: Bearer {access_token}
Note that the token contains an expiration timestamp (exp). It is important to verify that the token has not expired before reusing it.
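The steps above as an added Python example (not code from the API provider): it builds the token request, caches the token, and requests a new one shortly before the exp timestamp passes. It assumes the access_token is a JWT whose payload carries exp; TokenCache, http_fetch and the 60-second skew are hypothetical names and values chosen for illustration.

```python
import base64, json, time, urllib.parse, urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token"

def build_token_request(tenant_id, client_id, client_secret, scope):
    """Return (url, headers, body) for the client-credentials token request."""
    body = urllib.parse.urlencode({   # form-encodes and escapes each value
        "client_id": client_id,
        "grant_type": "client_credentials",
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    url = TOKEN_URL.format(tenantid=urllib.parse.quote(tenant_id, safe=""))
    return url, headers, body

def http_fetch(url, headers, body):
    """POST the request over HTTPS and return the parsed JSON response."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def token_exp(access_token):
    """Read exp from the JWT payload. Assumption: the token is a JWT.
    No signature check here: this is only used to decide when to refresh."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64 padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

class TokenCache:
    """Holds one bearer token and replaces it `skew` seconds before exp."""
    def __init__(self, tenant_id, client_id, client_secret, scope,
                 fetch=http_fetch, skew=60):
        # The request body contains the client secret: never log it.
        self._request = build_token_request(tenant_id, client_id, client_secret, scope)
        self._fetch, self._skew = fetch, skew
        self._token, self._exp = None, 0

    def authorization_header(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._exp - self._skew:
            self._token = self._fetch(*self._request)["access_token"]
            self._exp = token_exp(self._token)
        return {"Authorization": f"Bearer {self._token}"}
```

Load the client secret from a secret store or environment variable rather than source code, and pass the returned header to every API request.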