From 51f3da6ccf8509ff9b9add3b7ad50f40fd2287ec Mon Sep 17 00:00:00 2001
From: PieterKas <90690777+PieterKas@users.noreply.github.com>
Date: Tue, 11 Jul 2023 19:54:00 +0100
Subject: [PATCH] Alternative text for API Authorization section

See issue #38
---
 authorization-api-1_0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authorization-api-1_0.md b/authorization-api-1_0.md
index 36b7952..d74255d 100644
--- a/authorization-api-1_0.md
+++ b/authorization-api-1_0.md
@@ -100,7 +100,7 @@ The Authorization API has two parts, Access Evaluation and Search. Each of these
 This document describes the API version 1. Any updates to this API through subsequent revisions of this document or through other documents MAY augment this API, but MUST NOT modify the API described here. Augmentation MAY include additional API methods or additional parameters to existing API methods, additional authorization mechanisms or additional optional headers in API requests. All API methods for version 1 MUST be immediately preceded by the relative URL path `/v1/`.
 
 ## API Authorization
-This API SHALL be authenticated using the OAuth 2.0 Bearer access token ({{RFC6750}}) to authorize API calls
+API calls SHALL be authorized with OAuth 2.0 access tokens ({{RFC6750}}). Implementors MAY use bearer tokens or sender constrained tokens, depending on the organizations policy.
 
 ## Request Identification
 All requests to the API MAY have request identifiers to uniquely identify them. The API client (PEP) is responsible for generating the request identifier. If present, the request identifier SHALL be provided using the HTTP Header `X-Request-ID`. The value of this header is an arbitrary string. The following non-normative example describes this header: