A common OAuth allows a third-party client to operate on behalf of a user without revealing the user’s credentials, such as username and password to the client.
The client first sends the user credentials to an authorization server:
which authenticates the user
obtains the user’s authorization, and
issues an access token which the client can use in interacting with a resource server
To learn how to explore the Smart API with a common third-party clients, see Exploring the Smart API.