# Authorization

All API requests must be authenticated. To get authorized, you must include a valid access token in the **Authorization** [header](/provisioning/getting-started/api-specification.md#headers):

```http
Authorization: Bearer {{your_access_token}}
```

### Getting the API credentials

First, you need to get your Provisioning API credentials. To do that, head over to the Dashboard, click on your user avatar in the upper right of the page to access your profile menu, and select *Provisioning API* from the dropdown:

<figure><img src="/files/App4IMjwxfEhuKkEKaVq" alt=""><figcaption></figcaption></figure>

On the [next page](https://dashboard.commercelayer.io/user/provisioning_api) you can find and copy to clipboard your Provisioning API credentials (**client ID** and **client secret**):

<figure><img src="/files/JDUuVbPOhNLt1HvSWxJP" alt=""><figcaption></figcaption></figure>

### Getting an access token

To get a valid access token you need to send a `POST` request to the following endpoint, providing the arguments listed in the table below:

```http
https://auth.commercelayer.io/oauth/token
```

| Body parameter      | Type   | Required | Description           |
| ------------------- | ------ | -------- | --------------------- |
| **`grant_type`**    | String | Required | `client_credentials`  |
| **`client_id`**     | String | Required | Your `client_id`.     |
| **`client_secret`** | String | Required | Your `client_secret`. |

### Example

{% tabs %}
{% tab title="Request" %}
The following request tries to get an access token for the Provisioning API:

<pre class="language-bash"><code class="lang-bash">curl -g -X POST \
<strong>  'https://auth.commercelayer.io/oauth/token' \
</strong>  -H 'Content-Type: application/vnd.api+json' \
  -d '{
<strong>    "grant_type": "client_credentials",
</strong><strong>    "client_id": "{{your_client_id}}",
</strong><strong>    "client_secret": "{{your_client_secret}}"
</strong>}'
</code></pre>

{% endtab %}

{% tab title="Response" %}
On success, the API responds with a `200 OK` status code, returning the requested access token:

<pre class="language-json"><code class="lang-json">{
<strong>    "access_token": "abCde_FghI1jKLM2.nOp3QrS4t5UvW6.XYZ7Ab8cD9EFG-hIjk0L",
</strong>    "token_type": "Bearer",
<strong>    "expires_in": 7200,
</strong>    "scope": "provisioning-api metrics-api",
    "created_at": 123456789
}
</code></pre>

{% endtab %}
{% endtabs %}

Where `{{your_client_id}}` and `{{your_client_secret}}` are the credentials you just got [from the Dashboard](#api-credentials). You can now use the `access_token` you get in the response to perform authenticated requests to the Provisioning API (until it expires).

{% hint style="info" %}
Once you got your credentials, you can also leverage our [JS Auth](https://github.com/commercelayer/commercelayer-js-auth) library to [get an access token](https://github.com/commercelayer/commercelayer-js-auth?tab=readme-ov-file#provisioning) for the Provisioning API.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.commercelayer.io/provisioning/getting-started/authorization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.