OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for your applications.
Speed of light
The OAuth 2.0 authorization framework is a protocol that allows a user to grant a third-party web site or application access to the user's protected resources, without necessarily revealing their long-term credentials or even their identity.
OAuth 2.0 is the industry-standard protocol for authorization.
/token endpoint can result 400 status code with "invalid_grant" error message if requested oauth scope is not configured in oauth client profile.
/token and /auth endpoint accept optional x-api-key http header.