Admittedly, things like AFNetworking do make working with NSURLConnection and the like a bit easier, but if you're doing this from scratch, you're close.
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:@"https://api-ssl.bitly.com/oauth/access_token"]];
The endpoint for Resource Owner Credential Grants. That will get you the access_token you need to access the rest of our API.
The trickiest part of the flow is the "Authorization" header
NSString *authString = [NSString stringWithFormat:@"%@:%@", @"<YOUR CLIENT ID>", @"<YOUR CLIENT SECRET>"];
NSData *authData = [authString dataUsingEncoding:NSUTF8StringEncoding];
NSString *base64 = [authData base64EncodedStringWithOptions:0];
NSString *authHeader = [NSString stringWithFormat:@"Basic %@", base64];
[request setValue:authHeader forHTTPHeaderField:@"Authorization"];
This will set the Authorization field to: Basic clientID:clientSecret correctly base 64'ed
From there you need to set the body to the request
NSString *postBody = [NSString stringWithFormat:@"grant_type=password&username=%@&password=%@", @"<USERNAME>", @"<PASSWORD>"];
[request setHTTPBody:[postBody dataUsingEncoding:NSUTF8StringEncoding]];
Tell the request it's POST
[request setHTTPMethod:@"POST"];
Then open a NSURLConnection and observe the 3 important delegated methods
NSURLConnection *connection = [[NSURLConnection alloc] initWithRequest:request delegate:self];
[connection start];
You will want to implement:
- (void)connection:(NSURLConnection *)connection didReceiveData:(NSData*)data
- (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error
- (void)connectionDidFinishLoading:(NSURLConnection *)connection
Source: I write the Bitly for iPhone app. Hope this helps. Let me know if you have any questions about the API, or the example above.