Applications MUST always use an OAuth token in the API request header called Authorization: in ORDER to CONSUME any of the APIs provided by AT&T.

An OAuth access token is obtained by invoking the OAuth API which triggers the authorization process. This process may involve interaction between the application and the API Platform only, as in the case of OAuth Token request, or it may involve interaction between the user's browser and the API platform. In the latter case, the secure interaction is INITIATED by the developer's application but the secure authentication is INTENTIONALLY routed around the developer's application and, in so doing, assures the end-user that their user credentials are kept secure and are only passed between AT&T and the user's browser.

Applications must always use an OAuth token in the API request header called Authorization: in order to consume any of the APIs provided by AT&T.

An OAuth access token is obtained by invoking the OAuth API which triggers the authorization process. This process may involve interaction between the application and the API Platform only, as in the case of OAuth Token request, or it may involve interaction between the user's browser and the API platform. In the latter case, the secure interaction is initiated by the developer's application but the secure authentication is intentionally routed around the developer's application and, in so doing, assures the end-user that their user credentials are kept secure and are only passed between AT&T and the user's browser.