Page Comparison

...

1. POST to our token endpoint
   

   1. Set ? grant_type=client_credentials &and scope=externalapi in the post body

   2. Set Content-Type: application/x-www-form-urlencoded

   3. Set Authorization header

      1. Header format is Basic Base64(Utf8(clientId:secret)) 

      2. Example: The header for clientId = democlient and secret = demosecret would become ZGVtb2NsaWVudDpkZW1vc2VjcmV0

      3. So the Authorize header for the Identity server should be:
         Basic ZGVtb2NsaWVudDpkZW1vc2VjcmV0

   4. Example return value:

      Return value

      Code Block
      language json
      { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciNlcyIsImV4cCI6MTQ2MzA", "expires_in": 3600, "token_type": "Bearer" }

2. When calling one of our web services set the Authorize header to: 

   1. Bearer access_token

   2. Example: Bearer eyJ0eXAiOiJKV1QiLCJhbGciNlcyIsImV4cCI6MTQ2MzA

...