post https://api.actonsoftware.com/token?grant_type=password
Use Username and password to get access token and refresh token
Grant-Type Password provides an access_token and refresh_token. The access_token is specific to the account which the user/password belongs to. Limited to 5 authentication attempts per hour.
access_token - Expires after 3600 seconds. Used in all non-auth endpoints to access account data.
refresh_token - Expires when a new refresh_token is requested using the same credentials or after 30 days. The refresh token can only be used in the Grant-Type Refresh endpoint and is used in place of a username/password or access code.
Access your account's Client ID and Client Secret by going to Settings > Other Settings > Custom Account Settings > API Access Keys.