2.4 Accessing Protected APIs

The client has to include the access token when invoking any OAuth protected API service. The API server will validate this access token and authorize the incoming API requests based on the scopes embedded in the access token. For information about validating the tokens, see Section 2.5.4, Validating a JWT Token.

2.4.1 Sample API request with access token using curl

 curl -X POST -H "Authorization: Bearer eyJhbGciOiJSU0ExXzU.....""https://api.oauth.apiserver.com/v1/resource"