> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sqod.co.uk/llms.txt
> Use this file to discover all available pages before exploring further.

# API Authentication

> The following information gives an overiew on how to authenticate using the SQOD API

This API uses **OAuth2 Client Credentials** authentication provided by AWS.

This method is designed for server-to-server communication, where no end-user is directly involved. Instead, the client application authenticates itself using a Client ID and Client Secret.

1. Obtain Client Credentials
   You will be provided with:

* URL
* Client ID
* Client Secret
  These values are generated by Involve and will uniquely identify and secure your application.

2. Request an Access Token

Send a `POST` request to the SQOD token endpoint:

```http theme={null}
POST https://auth.app.sqod.co.uk/oauth2/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <base64(client_id:client_secret)>
```

Including the following request body:

```json theme={null}
{"grant_type": "client_credentials"}
```

3. Receive an Access Token

A successful response looks like this:

```json theme={null}
{
  "access_token": "eyJraWQiOiJhb...",
  "expires_in": 3600,
  "token_type": "Bearer"
}
```

`access_token`  – The token used to authorize API requests

`expires_in`  – Token lifetime in seconds (3600 = 1 hour)

`token_type`  – Always `"Bearer"`

4. Call the API with the Token

When sending a request you'll need to include the token in the Authorization header when calling the API:

```json theme={null}
{"Authorization": "Bearer eyJraWQiOiJhb..."}
```

Example Request

```http theme={null}
GET https://api.yourcompany.com/v1/resource
Authorization: Bearer eyJraWQiOiJhb...
```
