About Using Integration Server as the Resource Server
When a client has requested access to a protected resource and has received an access token, the client can then present the access token to the resource server. If Integration Server is the resource server, clients can present the access token using the authorization request header field. Clients can send the access token in the Authorization request header field using the Bearer authentication scheme to submit the access token. For example:
GET /invoke/folder/svc HTTP/1.1
Host: your-company.com:5555
Authorization: Bearer access_token_id
If you are using the pub.client:http service, you can send the token using the auth header field. For information about using this service, see webMethods Integration Server Built-In Services Reference .
For more information about the Bearer authentication scheme, refer to the OAuth 2.0 Authorization Framework Bearer Token Usage specification.