Client ID and Client Secret for Authorization server

According to the specification of OAuth 2.0 (RFC 6749), a client ID is required when you make an authorization request to an authorization server. Client ID and Client Secret for Authorization server will be provided in a password protected zip sent by

We need to know your mobile phone number, as we will send you the password for the zip in a text message.

  • The x-IBM client ID and secret should be used in the headers of all HTTP requests. For example when calling GET /api/merchants/me
  • The OTHER client ID/secret pair from the zip file, should be used, when during the OpenID flow (when getting/renewing access token), for example in /authorize and /token calls.

Please do not confuse the information from the zip file with the 'x-IBM client' credentials. The credentials that are sent via zip is meant for the OpenID Connect flow, and not the specific API calls