Authentication APIs provide a secure and efficient way to authenticate users in both server-side and client-side environments.
In order to access any REST API, you must first acquire an API token using Basic authentication, then use the API token to access REST APIs through Bearer authentication.
The client access token supports scope, which allows you to have fine-grained access control over what a client access token can do. The use of scopes in tokens helps to improve the security of the system by limiting the access that a particular token can have. This means that if a token is compromised or stolen, the attacker will only have access to the resources and actions that the token was authorized for.
The following diagram illustrates the scenarios where the customer may use the Authentication APIs:
REST authentication sequence