According to the specification of OAuth 2.0 (RFC 6749), a client ID is required when you make an authorization request to an authorization server. Client id and Client Secret for Authorization server will be provided in a password protected zip sent by firstname.lastname@example.org
We need to know your phone number, as we will send you zip’s pw in text) – that will have both, Sandbox/Production credentials.
- The x-IBM client ID and secret should be used in the headers of all HTTP requests. For example when calling /subscriptions/api/merchants/me
- The OTHER client id/secret pair from the zip file, should be used, when during the openID flow (so when getting/renewing access token), for example for /authorize and /token calls
Please do not confuse the information from the zip file with the x-IBM client ID credentials. The credentials that are sent via zip is meant for the OpenID Connect flow, and not the specific api calls