All API methods are protected through the OAuth 2.0 authorization protocol. This document does not attempt to explain the OAuth 2.0 protocol at a high-level. For a detailed understanding of the OAuth 2.0 specification, see OAuth 2.0 Authorization Protocol.
The OAuth 2.0 authorization protocol enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Every Partner must have a unique client ID and client secret in order to authenticate properly. A PRIVO Administrator will provide Partner with these values. Permissible grant types are unique to each Partner configuration. The PRIVO Administrator will work with each Partner to determine the appropriate grant types for Partner to use.