From Bright Pattern Documentation
Security and Authentication
Either HTTP or HTTPS transport can be configured. The same setting applies to the entire Configuration Web Portal server. For production deployments on public Internet only, HTTPS is enabled.
The OAuth 2.0 Client Credentials Grant (RFC 6749, Section 4.4) is used to authenticate clients of this API. The username is checked against the list of users configured for the provider and for having an appropriate role/privilege to add/delete/import tenants.