1. Retrieve access token

    Call the token endpoint to get an access token for authentication. The [client_id], [client_secret] and [scope] are supplied (if not, see Request Access).
    In contradiction to the regular API calls, the Content-Type header of this request should be set to: 'application/x-www-form-urlencoded' 

    POST
    https://login.microsoftonline.com/2c7b1b62-7d5b-46a9-bc46-ab51bfcb07d8/oauth2/v2.0/token

    BODY
    client_id=[client_id]&
    client_secret=[client_secret]&
    scope=[scope]&
    grant_type=client_credentials
    Example call (CURL): 
     curl --location 'https://login.microsoftonline.com/2c7b1b62-7d5b-46a9-bc46-ab51bfcb07d8/oauth2/v2.0/token' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'client_id=[client_id]' \
    --data-urlencode 'client_secret=[client_secret]' \
    --data-urlencode 'scope=[scope]'

  2. Authenticate requests

    Include the token in the "Authorization" header in your requests. 

    Authorization : Bearer [access_token]