Sending Bearer Tokens to Web API via Postman

Update

I have been able to get a Bearer token using instructions from this thread

Here are the instructions in Postman:

• Url: https://login.windows.net/[tenantname].onmicrosoft.com/oauth2/token
• Type: POST
• Headers: none
• Body: form-data
• grant_type: client_credentials
• client_id: [client-id]
• client_secret: [client-secret]

However, if I send the same token in my call to a Web API endpoint, I still get back "Authorization has been denied for this request"

Why is it still not authorizing ?

End Update

I have created an ASP.Net Web API project which is protected using an organizational Azure AD instance. I have set up the tenant id, client id and secret correctly.

The Azure AD instance is the same one backing our Office 365/SharePoint instance and the idea is to create SharePoint Add-Ins which can call the services using the logged in user's context.

I am stuck at testing the API. I can call unauthorized endpoints without any issue. However, when I add the [Authorize] attribute, I always get back this response: "Authorization has been denied for this request."

As I understand it, I need to generate a bearer token and add it to my Postman request in the header (see image). After much Googling, I still have not been able to make this work.

My question is: How do I generate a bearer token for a Web API instance protected by Azure AD.

My configuration code is as below:

public void ConfigureAuth(IAppBuilder app)
        {
            app.UseWindowsAzureActiveDirectoryBearerAuthentication(
                new WindowsAzureActiveDirectoryBearerAuthenticationOptions
                {
                    Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
                    TokenValidationParameters = new TokenValidationParameters {
                         ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
                    },
                });
        }