How is Access Token used with REST API in Salesforce ?

Hi,

The first step in any API-based integration is getting an OAuth access token to authenticate your calls.

Using the client ID and secret  call the REST Auth service to obtain an OAuth access token for authenticating your API calls. This sample call demonstrates how to POST to that resource to acquire an access token.

POST https://auth.exacttargetapis.com/v1/requestToken
Content-Type: application/json
{
“clientId”: “YOUR_CLIENT_ID”,
“clientSecret”: “YOUR_CLIENT_SECRET”
}

200 OK
{
“accessToken”: “YOUR_ACCESS_TOKEN”
“expiresIn”: 3600
}

The access token is returned in the accessToken property. Specify this access token to authenticate all other REST API calls via the Authorization header field with the Bearer HTTP authorization scheme.

Refresh an Access Token
Note the expiresIn property in the HTTP response to the requestToken API call. Access tokens expire one hour after they are issued. If you attempt to use an expired token, you receive a 401 Unauthorized HTTP response. If this happens, refresh your access token by calling requestToken again.

Follow these considerations when using the API directly and doing your own OAuth token management.

Do not request a new access token for every API call you make—-each access token is good for an hour and is reusable. Making two API calls for every one operation is inefficient and causes throttling.
Be careful where you store your client ID and secret. Never expose this information on the client side via JavaScript or store it in a mobile application. Ensure that these credentials are stored securely in your application.

Hope this helps!