# Get access token

## Overview
All our API endpoints support the OAuth 2.0 authentication protocol.

### How Authentication Works
To start sending authenticated HTTP requests, follow these steps:

1️⃣ Obtain an OAuth2 Access Token
   - Use your provided client_id and client_secret to request an access token.
   - Note: Staging and Production have different token expiration rules.

2️⃣ Token Expiration
   - Production: Tokens are valid for 7 days.
   - Staging: Tokens expire every 1 hour.

3️⃣ Token Renewal
   - Ensure your integration handles token renewal properly.
   - You can either track the token expiry time or automatically request a new token when your token has expired.

---

## Obtaining an Access Token

### POST /oauth/token

🔹 Description
Obtain an OAuth2 access token using the Client Credentials flow.

🔹 Token Expiry
- Production: expires_in: 604800 (7 days)
- Staging: expires_in: 3600 (1 hour)

### 📥 Request Body Example
json
{
  "client_id": "your_client_id",
  "client_secret": "your_client_secret",
  "grant_type": "client_credentials"
}


### 📤 Success Response Example
json
{
  "access_token": "245c47495152da4845b65f57facdd7c8b6765451e946b9faa4817c245a335110",
  "created_at": 1616571253,
  "expires_in": 604800,
  "token_type": "bearer"
}


### 📤 Staging Response Example
json
{
  "access_token": "b76d4a126cf84959a8276f812321d598",
  "created_at": 1616571253,
  "expires_in": 3600,
  "token_type": "bearer"
}


## Common Errors & Troubleshooting

### Invalid Client Credentials
🔹 HTTP 401 Unauthorized
- Cause: The provided client_id or client_secret is incorrect.
- Fix: Verify credentials in your API settings.

### Invalid Grant Type
🔹 HTTP 400 Bad Request
- Cause: The grant_type must be \"client_credentials\".
- Fix: Ensure you pass grant_type=client_credentials in the request.

### Token Expired
🔹 HTTP 401 Unauthorized
- Cause: The access token has expired.
- Fix: Request a new access token using POST /oauth/token.

Endpoint: POST /oauth/token
Version: 1.0.0

## Request fields (application/json):

  - `client_id` (string)

  - `client_secret` (string)

  - `refresh_token` (string)
    The refresh token to use to get a new access token. Only used when the grant_type is refresh_token.

  - `grant_type` (string)
    Enum: "client_credentials", "refresh_token"

## Response 200 fields (application/json):

  - `access_token` (string)
    Example: "245c47495152da4845b65f57facdd7c8b6765451e946b9faa4817c245a335110"

  - `created_at` (integer)
    Example: 1616571253

  - `expires_in` (integer)
    Example: 3600

  - `token_type` (string)
    Example: "bearer"


## Response 400 fields

## Response 401 fields

## Response 422 fields