The preferred authentication method is to include an Authorization header with the value of Basic <client_id:client_secret> in your request. The body of the request must be grant_type=client_credentials.
If your user agent cannot set the Authorization header, you may include the client_id and client_secret in the body of the request as form encoded parameters. The body of the request would then be grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>.
The client can optionally specify a scope parameter to limit the scope of the returned access token. In turn, the server uses a scope response parameter to inform the client of the scope of the actual access token issued. The actual scope returned may not match the scope requested.
Subsequent requests to Workiva APIs are authorized using the bearer token.
Click Try It! to start a request and see the response here!