To authenticate requests to the 24SevenOffice API, users must create an OAuth2 application in our system and obtain a client ID and client secret.
In addition to the client ID and client secret, users must also obtain the ID of the organization to which the application is granted access. This is because 24SevenOffice is a multi-tenant application, where a personal login gives access to more than one organization and its people. Please refer to the Identity, Organization, and People endpoints in the 24SevenOffice API for further details.
The application will then use these credentials (client ID, organization ID, and client secret) to obtain an access token for the user. The process of getting an access token follows the OAuth 2.0 Client Credentials Flow (explained in detail here: https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow).
Users must include this access token in the Authorization header of all requests over HTTPS.
If the access token is not valid or has expired, the API will respond with an HTTP 401 Unauthorized error, indicating that the request is not authorized.
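
A sketch of the flow described above, as an added example that is not 24SevenOffice's own code: it requests a token with the three credentials, caches it, refuses to send it over non-HTTPS URLs, and refreshes exactly once on HTTP 401. The token URL is a placeholder, and the `organization_id` form field, the `Bearer` scheme, the `expires_in` response field, and the injected `transport` callable are assumptions; take the real values from the API reference.

```python
import time
from urllib.parse import urlparse

# Placeholder: the page does not state the token endpoint.
TOKEN_URL = "https://TOKEN-ENDPOINT.example/oauth/token"


class TokenClient:
    """Client-credentials token holder with a single refresh-and-retry on 401."""

    def __init__(self, client_id, client_secret, organization_id, transport, clock=time.time):
        # transport(method, url, headers, form) -> (status, json_dict); hypothetical
        # seam so the HTTP library can be swapped or faked in tests.
        self._form = {
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "organization_id": organization_id,  # field name is an assumption
        }
        self._transport = transport
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def _get_token(self, force=False):
        if force or self._token is None or self._clock() >= self._expires_at:
            status, body = self._transport("POST", TOKEN_URL, {}, self._form)
            if status != 200 or "access_token" not in body:
                # Report only the status; never echo the secret or the response body.
                raise RuntimeError(f"token request failed with HTTP {status}")
            self._token = body["access_token"]
            # Renew 30 s early so a token does not expire while a request is in flight.
            self._expires_at = self._clock() + int(body.get("expires_in", 0)) - 30
        return self._token

    def request(self, method, url):
        # The token is a bearer credential: anyone who sees it can replay it.
        if urlparse(url).scheme != "https":
            raise ValueError("refusing to send access token over a non-HTTPS URL")
        for attempt in range(2):
            # On the second pass the first token was rejected, so force a new one.
            token = self._get_token(force=(attempt == 1))
            headers = {"Authorization": f"Bearer {token}"}
            status, body = self._transport(method, url, headers, None)
            if status != 401:
                break
        # A second 401 is returned to the caller rather than retried again.
        return status, body
```

A second consecutive 401 usually means the credentials or the organization grant are wrong, so it is surfaced to the caller instead of looping against the token endpoint.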