When the client sends a request which carries a valid Consumer Key and Consumer Secret to the Token End Point in order to get an access token, the Token End Point verifies the credentials and returns the access token back to the client.
Obtaining Access Token
To get Access Token, any one of the ways may be used:
Accessing protected resources using Access Token
After receiving the Access Token using one of the above methods, it is sent along with the request as a query parameter (since Query is set in VerifyAccessTokenPolicy) to access the protected API. The Request URL will be in the following format: