Authentication with OAuth2

this tutorial explains how to connect to the api gateway (or sandbox) with (test) client credential, using oauth2 0 for authorization and authentication in order to execute these steps, you will need the client id and client secret, provided with the creation of your client you can also import the postman environment of your region, as explained sandbox testing docid\ ncff15xnu1wglst2wnm p before starting the authentication tutorial that will pre fill all the required variables into your environment, easy and quick! how to get an access token access tokens (and refresh tokens) can be generated using the url of the founda identity api https //auth \<region> founda com/oauth2/token the \<region> should be defined according to the different founda sandbox testing docid\ ncff15xnu1wglst2wnm p you can get a new access token by either using the pre defined postman environment, use the example curl command below, or follow the manual set up steps in postman example curl command in order to get an access token you can use the following curl command as an example curl location 'https //auth us founda com/oauth2/token' \\ \ header 'content type application/x www form urlencoded' \\ \ data urlencode 'client id={{client id}}' \\ \ data urlencode 'client secret={{client secret}}' \\ \ data urlencode 'grant type=client credentials'{ "access token" "ory at v6g eclu6klfxbsfzhcc02wsdyqi2psyuww65fs siy xbvee 1bj10 3c26sezktwnwu5ffmgeverx58qy7wgm", "expires in" 3599, "scope" "", "token type" "bearer" } curl location 'https //auth eu founda com/oauth2/token' \\ \ header 'content type application/x www form urlencoded' \\ \ data urlencode 'client id={{client id}}' \\ \ data urlencode 'client secret={{client secret}}' \\ \ data urlencode 'grant type=client credentials'{ "access token" "ory at v6g eclu6klfxbsfzhcc02wsdyqi2psyuww65fs siy xbvee 1bj10 3c26sezktwnwu5ffmgeverx58qy7wgm", "expires in" 3599, "scope" "", "token type" "bearer" } manual postman set up if you have downloaded the postman environment at the beginning, most variables will be pre filled otherwise configure the following settings in the authorization tab type oauth2 0 grant type client credentials access token url https //auth eu founda com/oauth2/token or https //auth us founda com/oauth2/token , depending on your sandbox testing docid\ ncff15xnu1wglst2wnm p client id enter your client's id client secret enter your client's secret client authentication "send client credentials in body" after filling in the required fields, choose "get new access token" and use the new token (postman will copy the token to the token field) please keep your api keys private api keys created should never be exposed in untrusted contexts never put client credentials in client side javascript, embed it in a web page, or otherwise allow users to access it if client credentials are exposed, lost, or stolen, then it is compromised revoke compromised keys immediately from your clients page to prevent unauthorized access