The correct answer is B. OAuth access token . Saviynt documentation states that to integrate Saviynt APIs with Saviynt Identity Cloud, an OAuth access token must be generated to authenticate API calls. This is a foundational concept for the API section of Level 200 because even when using Postman or another client, the request must be authenticated before protected endpoints can be called successfully. Saviynt also documents that its APIs are RESTful APIs used to configure and access various platform features, so token-based authentication is central to practical API usage.

The other options are unrelated to Saviynt REST API authentication. SMTP token is not a Saviynt API authentication model, Transport package is used for moving supported configurations between environments, and Dataset key is not the documented authentication requirement for API access. Saviynt’s API reference guide further describes version-specific collections, supported methods, requests, and responses, which is exactly why Postman-based testing in certification labs usually starts with authentication setup first. In practical terms, if the OAuth token is missing or invalid, the request will fail even if the endpoint URL and payload are correct. That is why OAuth access token generation is the correct answer.