API Security and Access
The OAuth 2.0 Authorization Framework specification defines four flows to get an Access Token. These flows are called grant types, and each one is best suited to different use-cases for your application.
- Authorization Code: used by Web Apps executing on a server. This is also used by mobile apps, using the Proof Key for Code Exchange (PKCE) technique.
- Resource Owner Password Credentials: used by trusted apps, typically trusted enterprise apps internal to an organisation.
- Client Credentials: used for machine-to-machine communication.
Capita DeX APIs are accessible by access tokens obtained using the Client Credentials or Authorization Code grant types. When clients are configured for you to use, the grant type allowed ("flow") will be set for each client.
For more information on access tokens, please click here