In the Metadata API, Oauth is the only authentication mechanism that is used, and there is no username password base authentication, as users are not meant to interact with the Metadata API. A JWT token is generated for each application and sent to the instances in payload, so the Cartridge Agent or the agent plugins can access the API using the token. All the requests to the Metadata API need to have the Authorization header in the following format:
"Authorization: Bearer $jwt_token"
The following subsections describe how to work with metadata: