Sohar uses the OAuth 2.0 bearer token authentication scheme. Retrieve a bearer token via the Get Token endpoint. This call requires your client_id and client_secret, which an organization admin can generate from the Sohar dashboard.

The /oauth/token endpoint expects a JSON body with your credentials:

{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET"
}

Include the token in the Authorization header as Bearer <token> when calling other APIs.