# Authentication API

Quiqup uses **OAuth2 authentication** for secure API access. For more details on OAuth2 please refer to the [OAuth2 Documentation](https://oauth.net/getting-started/).

Version: 1.0.0

## Servers

Production Server

```
https://platform-api.quiqup.com
```

Staging Server

```
https://platform-api.staging.quiqup.com
```

## Download OpenAPI description

[Authentication API](https://developer-docs.quiqup.com/_bundle/auth.yaml)

## Access Token

### Get access token

- [POST /oauth/token](https://developer-docs.quiqup.com/auth/access-token/paths/~1oauth~1token/post.md):

## Overview

All our API endpoints support the OAuth 2.0 authentication protocol.

### How Authentication Works

To start sending authenticated HTTP requests, follow these steps:

1️⃣ Obtain an OAuth2 Access Token

- Use your provided `client_id` and `client_secret` to request an access token.
- Note: Staging and Production have different token expiration rules.

2️⃣ Token Expiration

- Production: Tokens are valid for 7 days.
- Staging: Tokens expire every 1 hour.

3️⃣ Token Renewal

- Ensure your integration handles token renewal properly.
- You can either track the token expiry time or automatically request a new token when your token has expired.

---

## Obtaining an Access Token

### POST /oauth/token

🔹 Description

Obtain an OAuth2 access token using the Client Credentials flow.

🔹 Token Expiry

- Production: `expires_in: 604800` (7 days)
- Staging: `expires_in: 3600` (1 hour)

### 📥 Request Body Example

```json
{
  "client_id": "your_client_id",
  "client_secret": "your_client_secret",
  "grant_type": "client_credentials"
}
```

### 📤 Success Response Example

```json
{
  "access_token": "245c47495152da4845b65f57facdd7c8b6765451e946b9faa4817c245a335110",
  "created_at": 1616571253,
  "expires_in": 604800,
  "token_type": "bearer"
}
```

### 📤 Staging Response Example

```json
{
  "access_token": "b76d4a126cf84959a8276f812321d598",
  "created_at": 1616571253,
  "expires_in": 3600,
  "token_type": "bearer"
}
```

## Common Errors & Troubleshooting

### Invalid Client Credentials

🔹 HTTP 401 Unauthorized

- Cause: The provided `client_id` or `client_secret` is incorrect.
- Fix: Verify credentials in your API settings.

### Invalid Grant Type

🔹 HTTP 400 Bad Request

- Cause: The `grant_type` must be "client_credentials".
- Fix: Ensure you pass `grant_type=client_credentials` in the request.

### Token Expired

🔹 HTTP 401 Unauthorized

- Cause: The access token has expired.
- Fix: Request a new access token using `POST /oauth/token`.
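
The Token Renewal step and the Token Expired error above, as an added example (not Quiqup's own code): an in-memory cache that tracks expiry from `expires_in`, renews shortly before it, and renews once on HTTP 401. The `Content-Type` header, the `send` callback, the 60-second `skew` and the environment variable names are assumptions.

```python
import json
import time
import urllib.request

def fetch_token(base_url, client_id, client_secret):
    """POST /oauth/token with the JSON body documented above."""
    body = json.dumps({"client_id": client_id, "client_secret": client_secret,
                       "grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(
        base_url + "/oauth/token", data=body, method="POST",
        headers={"Content-Type": "application/json"})  # assumed header
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Keeps the token in memory and renews it shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def refresh(self):
        issued = self._clock()  # local receipt time, so server clock drift does not matter
        data = self._fetch()
        if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
            raise ValueError("unexpected token response")  # do not log the body
        self._token = data["access_token"]
        self._expires_at = issued + int(data["expires_in"])  # 604800 prod, 3600 staging
        return self._token

    def get(self):
        """Return a valid token, renewing when within `skew` seconds of expiry."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self.refresh()
        return self._token

    def call(self, send):
        """send(token) -> (status, body); on 401 renew once and retry once."""
        status, body = send(self.get())
        if status == 401:
            status, body = send(self.refresh())
        return status, body

# Usage (hypothetical variable names; keep credentials out of source control):
#   import os
#   cache = TokenCache(lambda: fetch_token("https://platform-api.staging.quiqup.com",
#                      os.environ["QUIQUP_CLIENT_ID"], os.environ["QUIQUP_CLIENT_SECRET"]))
```

The single retry on 401 keeps a wrong `client_secret` from turning into a loop of token requests, since that case also returns 401.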