Using Password

In the password grant type, the user provides their resource server credentials (username/password) to the client, which sends across an access token request to the API management. This grant type is ideally used when the request is generated from a reliable source.

After configuring the OAuth Token End Point policy, provide the following parameters in the Postman and click the Send button to get the access token:

Method: POST.
URL: Project proxy URL.
Query Parameters:

grant_type: Password.

- form-urlencoded parameters:
  - username: The resource owner username.
  - password: The resource owner password.
- client_id: Specify consumer key generated in client subscription.
- client_secret: Specify consumer secret generated in client subscription.
  Sample request
  
  CODE
```
curl -X POST  http://192.168.2.231:2160/tokenEnd/1.0  -H 'accept: application/json'  -H 'cache-control: no-cache'   -H 'client_id: Qvf-wSSLmGfjULQrbMCmRcab'  -H 'client_secret: QpFgbhZtuILPDBrHvBujaMQwmyrRieTisdnh'   -H 'content-type: application/x-www-form-urlencoded'   -H 'grant_type: password' -d 'username=admin&password=passwd'
```
- scope: The possible scope of the request. This parameter is OPTIONAL; refer to the Obtaining Access Token with Scope section to know about Scope.

After receiving the access token, refer the Accessing protected resources using Access Token section to see how to access protected resources.