Token endpoint used by both the Authorization Code grant and the Client Credentials grant. The client authenticates with HTTP Basic using its client_id and client_secret per RFC 6749 §2.3.1.

The X-Vibe-Revision header is not required on this endpoint.

Example: client_credentials grant

curl -sX POST https://api.vibe.co/oauth2/token \
  -u "$CLIENT_ID:$CLIENT_SECRET" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "scope=account:read account:write advertisers:read advertisers:write audiences:read audiences:write campaigns:read campaigns:write creatives:read creatives:write impression_tracking:read impression_tracking:write reporting:read"

The scope parameter is optional. If omitted, the token is issued with all scopes available to the client.