Hi Vineet! Thanks for the question! In this demonstration, we are generating a system-system API call, which, in this case, the Client Credentials grant type makes the most sense. It doesn't matter if the clientId/clientSecret are passed in the headers or body of the request in order to accomplish the handshake and generate an access token by the auth server. Hope that helps! - Firas
nice explanation !
Why put client secret in body?
Hi Vineet! Thanks for the question! In this demonstration, we are generating a system-system API call, which, in this case, the Client Credentials grant type makes the most sense. It doesn't matter if the clientId/clientSecret are passed in the headers or body of the request in order to accomplish the handshake and generate an access token by the auth server. Hope that helps! - Firas