As shown in the diagram, for the client to start calling APIs, it needs to obtain an authorization grant in the form of an Access Token. OAuth provides four grant types, which can be used according to different application requirements. The as to which authorization grant type to use is left with the client application.