Zip uses OAuth2 Client Credentials Flow as the primary means for authorizing Merchant API requests. This is a two step process in that the client must obtain an access token via the OAuth token endpoint and then use this token to access the Zip API endpoints.
Client Id and Client Secret are provided by Zip.
Note: These access tokens are created with a specific expiration time. The integration should cache these tokens for no longer than the expiration length and request a new one if the existing token has expired. It is important to cache these tokens and not request a new one for each operation.