OAuth 2.0 is an open protocol for authenticating users. It distinguishes the different parties dealing with customer data, and defines how they can access this data.
Terminology
OAuth 2.0 defines the following parties:
- Authorization Server: This is the central server responsible for authenticating clients.
- Users: Humans that interact with NextChapter. Not applicable for the API.
- Clients: The applications that needs to request access to the NextChapter API.
- Resource servers: The server(s) that manage the resources. This is the NextChapter API.
There are multiple ways of obtaining a token, but for this API a simple Client Credentials flow is used.