The access token request must be authenticated utilizing the "HTTP Basic authentication scheme" as defined in RFC 2617. This endpoint supports both standard submission using application/x-www-form-urlencoded and application/json content types for convenience.
Your Client ID and Client Secret must be joined by ":", then Base64 encoded, and included in the Authorization request header (ex. base64("{client_id}:{client_secret}")).
For example, for a Client ID "client:9001" and Secret "thesystemofrecord", the following header would be expected once Base64 encoded (i.e. `base64("client:9001:thesystemofrecord")``):

Authorization: Basic Y2xpZW50OjkwMDE6dGhlc3lzdGVtb2ZyZWNvcmQ=

If authenticating via Postman, you would choose "Basic Auth" as the Auth Type, the Client ID (e.g. "client:9001") as the username, and the Client Secret as the password (e.g. "thesystemofrecord"). Postman handles the Base64 encoding for you.