Access Token Authentication
The client MUST authenticate with the authorization server. Confidential clients or other clients issued client credentials MUST authenticate with the authorization server when making requests to the token endpoint.
Access token authentication example
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type = client_credentials