Obtaining the Access Token from the OAuth Server

The client/user can ask the OAuth Server for tokens for any of the authorized applications by issuing the following API call:

curl --request POST \
  --url https://example.oauthserver.com/ms_oauth/oauth2/endpoints/tokens \
  --header 'content-type: application/json' \
  --data '{"client_id":"CqwUDq2VQ6AH416sf7n42CZ2rNyElkDW","client_secret":"iA6bJ9OQ-tMWhVNUZylx6Km1_9tMuxVyKC4xNfWtPye72MjXyC3f1GJ38ttQ0oH9","audience":"hdr_fhir_api","grant_type":"client_credentials"}'

In this example, client_id and client_secret are assigned random representative values. You should change these values with the actual client Id and secret, obtained after registering the client with OAuth Server.

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsI........N7KT4ig",
  "token_type": "Bearer",
  "expires_in":600
}

You can now extract the access_token property value from the response to make authorized requests to your API.

Parent topic: Using the OAuth 2.0 protected API