Authenticate using your new credentials

Overview of OAuth 2.0 Workflow for Private Clients

  1. Make a POST request to with client_id, client_secret, and grant_type specified in the body
  2. Get the Bearer Token (access_token) from the response to your POST request
  3. If leveraging Postman, use x-www-form-urlencoded option
  4. Use the Bearer Token in your API request, which will return a JSON response if successful

Note: each environment has its own specific authentication URL:

Production =
Sandbox =

Example Authentication

Request Body

  "client_id": "[your-client-id]",  
  "client_secret": "[your-client-secret]",  
  "grant_type": "client_credentials"  

Response Body

  "access_token": "[your-bearer-token]",  
  "expires_in": 900,  
  "token_type": "Bearer"  

Authentication Recipe