# Authentication

ABSTRACT
To access the nBold API, a valid Azure Active Directory access token is required. This article explains how to get it, as a user or as an application.

TABLE OF CONTENTS

Supported access tokens
Access on behalf of a user (authorization code flow)
Access without a user (client credentials flow)

# Supported access tokens

The nBold API expects a valid access token in the HTTP Authorization request header with a bearer token such as:

{
  "Authorization": "bearer <JWT_TOKEN>"
}

nBold supports access tokens (opens new window) retreived from the following OAuth 2.0 grant flows:

Auth Code (opens new window)
On-behalf-of (opens new window)
Client Credentials (opens new window)

# Access on behalf of a user (authorization code flow)

Reference: Get access to the Microsoft Graph on behalf of a user (opens new window)

# Access without a user (client credentials flow)

Reference: Get access to the Microsoft Graph without a user (opens new window)

← Get started Explorer →