post https://api.aluma.io/oauth/token
The access_token property is your access token. The expires_in property specifies the number of seconds in which this access token will expire. You should make a request for a new access token at this point, or a little before.
With every request to the API you should then specify the Authorization header as follows:
Authorization: Bearer <MY_ACCESS_TOKEN>