I’m not personally very familiar with our API, but I found the following in different places on the forums.
It seems that the user password is exactly what you want according to OAuth2 Client Credentials - #4 by matburt
From Apiary Documents Out of Date? it looks like we’re using https://online-go.com/oath2/token now.
I hope that helps. If not, @flovo is probably one of the people most familiar with the API and can likely point you in the right direction.