A common OAuth flow allows a third-party application (termed the client in the OAuth 2.0 specification), such as the Postman web API, to operate on behalf of a user without revealing the user’s credentials, such as user name and password, to the client. The client first sends the user credentials to an authorization server, which authenticates the user, obtains the user’s authorization, and issues an access token that the client can use when interacting with a resource server.
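The following is an added example, not code from the original page: a minimal in-process model of the authorization server and resource server roles, showing that the resource server decides access from the token alone and rejects tokens that are unknown, expired, or missing the required scope. The class names, the `profile:read` scope, and the sample user are constructed for illustration, and how the credentials reach the authorization server is left outside the sketch.

```python
import hashlib, hmac, secrets, time

class AuthorizationServer:
    """Authenticates the user and issues opaque, scoped, expiring tokens."""
    def __init__(self, users):
        self._users = {}   # username -> (salt, password hash)
        self._tokens = {}  # token -> (username, scopes, expiry)
        for name, password in users.items():
            salt = secrets.token_bytes(16)
            self._users[name] = (salt, self._hash(password, salt))

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def issue_token(self, username, password, approved_scopes, ttl=300, now=None):
        now = time.time() if now is None else now
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        # Constant-time comparison; unknown users fail the same way.
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            raise PermissionError("authentication failed")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (username, frozenset(approved_scopes), now + ttl)
        return token

    def introspect(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None or now >= entry[2]:
            return None  # unknown or expired
        return {"sub": entry[0], "scope": entry[1]}

class ResourceServer:
    """Serves data based only on the token; it never handles the password."""
    def __init__(self, auth_server):
        self._auth = auth_server
        self._profiles = {"alice": {"email": "alice@example.test"}}  # constructed

    def get_profile(self, token, now=None):
        info = self._auth.introspect(token, now)
        if info is None:
            raise PermissionError("invalid or expired token")
        if "profile:read" not in info["scope"]:
            raise PermissionError("insufficient scope")
        return self._profiles[info["sub"]]
```

The `now` parameter exists only so that expiry can be checked deterministically; a deployment would rely on the server clock.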