The Smart API requires an OAuth2.0 Identity Provider (IdP). If your application uses Okta, Smart API Manager (SAM), or Azure AD as an IdP, you must use one of the following authorization methods:
You can also use the Smart Completions authentication server (using the client credentials) to authenticate users. This approach requires successful authentication to the Smart Completions application without any configuration, as follows:
In the web-browser, go to the Smart Completions authentication client using the following URL format:
When prompted, enter your credentials.
After successful authentication, click Copy Access Token.
Pass the access token in the Authorization header as a Key-Value pair whenever you send an API request via a REST client.
By default, the access token is valid for one hour. If the token expires, repeat the above steps to generate a new access token.
To summarize, the client must include an access token (JWT) in the request authorization header to be authenticated for use with the Smart API. To get an access token, a client must have client credentials. How you prefer to authenticate depends on the hosting platform.