The client must include the access token when invoking any OAuth protected API service. The API server validates this token and authorize the incoming API requests based on the scopes embedded in the access token. For information about validating the tokens, see Validating a JWT Token.
curl -X POST -H "Authorization: Bearer eyJhbGciOiJSU0ExXzU.....""https://api.oauth.apiserver.com/v1/resource"