In this chapter, we implemented a two-legged version of the OAuth 2.0 protocol between our API and the client. I will leave the implementation of the third-party access to the API using the components we have in place at the API level as an exercise.