All API methods require an OAuth 2.0 Bearer token to be provided in the Authorization header for each HTTP request. The Bearer token can be obtained from the authentication server using OAuth 2.0 client credentials flow. The client ID and client secret required will be provided in Sectigo Certificate Manager. These can be provided to the authentication server to get an access token.
Use the code examples to create an access token on your local machine, if successful, the response will contain an access_token field that can be used as the value for Bearer token in the Authorization header in other API calls (expires_in states lifetime of the access token in seconds). Security is maintained since the access token is generated locally and all API requests using the token as sent directly from your browser.
Additional information can be found at Client Credentials and Making Authenticated Requests.
NOTE: The authentication server does not have a constant URL and may change for each customer. The authentication server to use will be returned in the authorization_uri field of the WWW-Authenticate header in any 401 Unauthorized response.