# Authentication Spotnana APIs use a Bearer token to authenticate incoming requests. The following authorization header must be included in all requests to access Spotnana APIs. ``` Authorization: "Bearer " ``` ## Generating an authentication token The following steps explain how to generate an authentication token. 1. Contact your Spotnana account representative to obtain a unique `client_id` and `client_secret` credentials. 2. After receiving your credentials, you can generate the bearer authentication token by making a `POST` API request to the `/v2/auth/oauth2-token` endpoint. The request must contain the `client_id`, `client_secret`, and `grant_type=client_credentials` in the request body. - The old token generation endpoint `/get-auth-token` has been deprecated. - Existing API users who want to migrate to the new `/v2/auth/oauth2-token` endpoint must obtain new `client_id` and `client_secret` credentials from Spotnana. ## Sample request and response The following code snippet is a sample `curl` request to generate a bearer token. ```bash curl --location 'https://api.spotnana.com/v2/auth/oauth2-token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'client_id=client_id' \ --data-urlencode 'client_secret=client_secret' \ --data-urlencode 'grant_type=client_credentials' ``` A successful response for the above `curl` request will contain a temporary bearer token and its expiration time displayed in seconds. ```json { "access_token": "", "expires_in": 3600, "token_type": "Bearer" } ``` When you're working with Spotnana APIs, this bearer `access_token` must be included in every request as authorization header to validate the API calls. The following code snippet is a sample `curl` request which shows how you can include the bearer token in a request header. ``` curl https://api.spotnana.com/v2/companies -H "Authorization: Bearer " ``` > **Note:** When making an API call, if the bearer token has exceeded the expiration time limit, you will receive an error code of `401` with a `message` in the JSON response indicating `Access Token Invalid`. In such cases, use the `/v2/auth/oauth2-token` endpoint again to generate another unique bearer token.