Client ID and Client Secret for Authorization server

According to the specification of OAuth 2.0 (RFC 6749), a client ID is required when you make an authorization request to an authorization server.  Client id and Client Secret for Authorization server will be provided in a password protected zip sent by

We need to know your phone number, as we will send you zip’s pw in text) – that will have both, Sandbox/Production credentials.

  • The x-IBM client ID and secret should be used in the headers of all HTTP requests. For example when calling /subscriptions/api/merchants/me
  • The OTHER client id/secret pair from the zip file, should be used, when during the openID flow (so when getting/renewing access token), for example for /authorize and /token calls

Please do not confuse the information from the zip file with the  x-IBM client ID credentials. The credentials that are sent via zip is meant for the OpenID Connect flow, and not the specific api calls