# Authorization

All API requests must be authenticated. To get authorized, you must include a valid access token in the **Authorization** [header](https://docs.commercelayer.io/provisioning/api-specification#headers):

```http
Authorization: Bearer {{your_access_token}}
```

### Getting the API credentials

First, you need to get your Provisioning API credentials. To do that, head over to the Dashboard, click on your user avatar in the upper right of the page to access your profile menu, and select *Provisioning API* from the dropdown:

<figure><img src="https://2087057456-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxrdVVavnnBMHRCqrLp1y%2Fuploads%2F0ncEUGinuxymWg5b0zl1%2Fdashboard-home-stats-user-dropdown.jpg?alt=media&#x26;token=268e0481-49af-4e56-8de9-097065c1eafe" alt=""><figcaption></figcaption></figure>

On the [next page](https://dashboard.commercelayer.io/user/provisioning_api) you can find and copy to clipboard your Provisioning API credentials (**client ID** and **client secret**):

<figure><img src="https://2087057456-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxrdVVavnnBMHRCqrLp1y%2Fuploads%2FAs8JGRXzNEVaZCja3058%2Fprovisioning-credentials.jpg?alt=media&#x26;token=b446b37c-2b17-466d-bdd7-09e7e4b0f303" alt=""><figcaption></figcaption></figure>

### Getting an access token

To get a valid access token you need to send a `POST` request to the following endpoint, providing the arguments listed in the table below:

```http
https://auth.commercelayer.io/oauth/token
```

| Body parameter      | Type   | Required | Description           |
| ------------------- | ------ | -------- | --------------------- |
| **`grant_type`**    | String | Required | `client_credentials`  |
| **`client_id`**     | String | Required | Your `client_id`.     |
| **`client_secret`** | String | Required | Your `client_secret`. |

### Example

{% tabs %}
{% tab title="Request" %}
The following request tries to get an access token for the Provisioning API:

<pre class="language-bash"><code class="lang-bash">curl -g -X POST \
<strong>  'https://auth.commercelayer.io/oauth/token' \
</strong>  -H 'Content-Type: application/vnd.api+json' \
  -d '{
<strong>    "grant_type": "client_credentials",
</strong><strong>    "client_id": "{{your_client_id}}",
</strong><strong>    "client_secret": "{{your_client_secret}}"
</strong>}'
</code></pre>

{% endtab %}

{% tab title="Response" %}
On success, the API responds with a `200 OK` status code, returning the requested access token:

<pre class="language-json"><code class="lang-json">{
<strong>    "access_token": "abCde_FghI1jKLM2.nOp3QrS4t5UvW6.XYZ7Ab8cD9EFG-hIjk0L",
</strong>    "token_type": "Bearer",
<strong>    "expires_in": 7200,
</strong>    "scope": "provisioning-api metrics-api",
    "created_at": 123456789
}
</code></pre>

{% endtab %}
{% endtabs %}

Where `{{your_client_id}}` and `{{your_client_secret}}` are the credentials you just got [from the Dashboard](#api-credentials). You can now use the `access_token` you get in the response to perform authenticated requests to the Provisioning API (until it expires).

{% hint style="info" %}
Once you got your credentials, you can also leverage our [JS Auth](https://github.com/commercelayer/commercelayer-js-auth) library to [get an access token](https://github.com/commercelayer/commercelayer-js-auth?tab=readme-ov-file#provisioning) for the Provisioning API.
{% endhint %}