GScore API

OAuth 2.0 Security

The API is secured by OAuth 2.0.

(A) The client requests authorization from the resource owner.

(B) The client receives a client credentials authorization grant.

(C) The client requests an access token through identity verification with the help of the authorization server and authorization grant provision.

(D) The authorization server verifies the client by checking the authorization grant and, if it’s valid, issues an access token.

(E) The client requests a secure resource from the provider and authenticates by presenting the access token.

(F)The provider checks the access token and, if valid, serves the request.

The Client Credentials Grant restricts access to resources by allowing requests only from registered client applications.

Client credentials, client id and client secret, are similar to a username and password respectively.

Client ID is the unique identifier for each client application while client secret is a code known only to the application and the authorization server.

These credentials are given to clients on partner onboarding.