Absolutely all requests made to the API are made through a centralized API server that communicates with a single authorization server (implements OAuth) in order to verify the token passed to it, as well as obtain additional information.
Supported types of interaction
- Authorization Code Grant
- Client Credentials Grant
- Refresh Token
More details here: https://www.oauth.com/