OAuth 2.0
OAuth 2.0 (Open Authorization) is an industry-standard protocol that allows applications to access data or perform actions on behalf of a user or system, without exposing sensitive credentials. It provides granular, consented access to specific scopes and ensures that client applications can interact with API People APIs securely.
Rather than sharing passwords, OAuth 2.0 enables the use of access tokens issued by an authorization server.
OAuth 2.0 Authentication Flow
The steps below describe the process of authentication with OAuth 2.0:
- Clients obtain an Access Token from the API People authorization server.
- This token is included in the `Authorization` header of API requests: `Authorization: Bearer YOUR_ACCESS_TOKEN`
- The token grants the client scoped access to resources as authorized by the user or system.
For security, access tokens are time-limited and may require refreshing depending on the grant type.
Token Retrieval
To learn how to retrieve your OAuth 2.0 token, see the Retrieve OAuth Token page.