Authorization
For a client application to access REST API resources, it must be authorized as a safe visitor. To implement this authorization, use a connected app and an OAuth 2.0 authorization flow.
A connected app requests access to REST API resources on behalf of the client application. For a connected app to request access, it must be integrated with your org’s REST API using the OAuth 2.0 protocol. OAuth 2.0 is an open protocol that authorizes secure data sharing between applications through the exchange of tokens.
For instructions to configure a connected app, see Create a Connected App in Salesforce Help. Specifically, follow the instructions in Enable OAuth Settings for API Integration.
OAuth authorization flows grant a client app restricted access to REST API resources on a resource server. Each OAuth flow offers a different process for approving access to a client app, but in general the flows consist of three main steps:
- To initiate an authorization flow, a connected app, on behalf of a client app, requests access to a REST API resource.
- In response, an authorization server grants access tokens to the connected app.
- A resource server validates these access tokens and approves access to the protected REST API resource.
After reviewing and selecting an OAuth authorization flow, apply it to your connected app. For details about each supported flow, see OAuth Authorization Flows in Salesforce Help.
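The hand-off between the second and third steps, as an added example that is not Salesforce's own code: the client checks the token response before sending the access token to the resource server. It assumes the token response carries the `access_token`, `instance_url`, `id`, `issued_at`, `signature` and `token_type` fields, and that `signature` is a Base64 HMAC-SHA256 over `id` + `issued_at` keyed with the connected app's consumer secret. All values, host names and the `vXX.X` version are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample values; none of these are real credentials or org URLs.
CLIENT_SECRET = "constructed-consumer-secret"
API_VERSION = "vXX.X"  # placeholder: substitute the API version your org supports
REQUIRED = ("access_token", "instance_url", "id", "issued_at", "signature")


def expected_signature(client_secret, identity_url, issued_at):
    """Base64 HMAC-SHA256 over id + issued_at (assumed scheme, see lead-in)."""
    msg = (identity_url + issued_at).encode()
    mac = hmac.new(client_secret.encode(), msg, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def build_api_request(token_response, client_secret, resource_path):
    """Validate a token response, then return (url, headers) for the REST call."""
    for field in REQUIRED:
        if not token_response.get(field):
            raise ValueError(f"token response missing {field}")
    # Reject responses whose identity URL or timestamp was altered in transit.
    want = expected_signature(client_secret, token_response["id"],
                              token_response["issued_at"])
    if not hmac.compare_digest(want.encode(), str(token_response["signature"]).encode()):
        raise ValueError("signature mismatch")
    # Never send a bearer token over plaintext or to a URL without a host.
    parts = urlsplit(token_response["instance_url"])
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("instance_url must be an https URL")
    if token_response.get("token_type", "Bearer").lower() != "bearer":
        raise ValueError("unexpected token_type")
    path = resource_path.lstrip("/")
    url = f"https://{parts.hostname}/services/data/{API_VERSION}/{path}"
    return url, {"Authorization": f"Bearer {token_response['access_token']}"}


def sample_token_response():
    """Constructed token response, signed with the constructed secret."""
    identity = "https://login.example.test/id/00Dxx0000000001/005xx0000000001"
    issued = "1700000000000"
    return {"access_token": "constructed-access-token", "token_type": "Bearer",
            "instance_url": "https://myorg.example.test", "id": identity,
            "issued_at": issued,
            "signature": expected_signature(CLIENT_SECRET, identity, issued)}
```

The resource server still performs its own validation of the token; these client-side checks only stop the token from being sent on the strength of a tampered or downgraded response.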