The client requests an access token by authenticating with the authorization server and presenting the authorization grant
When sending API queries they must be made over HTTPS, and plain HTTP will be refused. You must include your X-App headers in all requests.
Access tokens are used in token-based authentication to allow an application to access an API. The application receives an access token after a user successfully authenticates and authorizes access, then passes the access token as a credential when it calls the target API. The passed token informs the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that was granted during authorization.
Authentificate customer with login and pasword
Request MFA code for selected device
Document sign (Get sign token) or authorize client to sign some document
Request MFA code using existing access_token.
Request password restore (if user exists then verification and confirmation codes will be send)
Verify password restore MFA confirnation code
Reset password using access token