post https://demo-qasandbox.alloy.co/v1/oauth/bearer
Application token and application secret MUST be provided, either as properties in the JSON body, or in the Authorization header.
The returned bearer token will allow the client all the same access permissions as the given application token and secret. Bearer tokens are sent in the Authorization header in the form Bearer <bearer_token>.
All bearer tokens expire one hour from generation.