Hi all,
I have registered two clients in my Keycloak, one is an API (ID = client_api) and another
is a confidential client (ID = confidential_client), which is a standalone application
that should access the API with its own credentials.
I've set the access type of both API and application to "confidential".
From the application, I obtain a token with a POST to
https://keycloak-server/auth/realms/master/protocol/openid-connect/token with these
parameters:
client_id = confidential_client
client_secret = <confidential client secret>
grant_type = client_credentials
From this, I obtain a token that looks like this:
{
"access_token": "eyJhbG...Z0qmQ"
// other stuff
}
Then, I try to call my API with an authentication header with
Bearer = "eyJhbG...Z0qmQ" (the access_token from the previous step)
However, this does not seem to work, and the API acts like the user is not authenticated.
Any idea of what I'm doing wrong?
Thanks,
Paolo
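
Added example, not part of the original post: a way to inspect the access token from the steps above before sending it, and to build the request header in the RFC 6750 form. It assumes the API checks the standard `aud` and `exp` claims; the sample token is constructed and unsigned, and the helper names are hypothetical.

```python
import base64
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample token for offline use (not a real Keycloak token)."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()),
                     _b64url(b"constructed-signature")])


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def bearer_header(token: str) -> dict:
    """RFC 6750 form: the header name is Authorization, the scheme is Bearer."""
    return {"Authorization": "Bearer " + token}


def diagnose(token: str, api_client_id: str, now=None) -> list:
    """List reasons a resource server could reject the token (assumed checks)."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    findings = []
    if api_client_id not in aud:
        findings.append(f"aud {aud} does not include {api_client_id}")
    if claims.get("exp", 0) <= now:
        findings.append("token is expired")
    return findings


if __name__ == "__main__":
    sample = make_sample_token(
        {"azp": "confidential_client", "aud": "account", "exp": 2_000_000_000})
    print(diagnose(sample, "client_api", now=1_700_000_000))
    print(bearer_header("eyJhbG...Z0qmQ"))
```

`decode_claims` is for inspection only; the API itself must still verify the signature against the realm's keys before trusting any claim.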