# Authentication

To get started with the XONE API, you'll first need to obtain an access token. This token acts as a digital key, granting your application permission to make API calls.

This process uses the **OAuth 2.0 Client Credentials Grant flow**. You'll use your unique client ID and client secret to request a token, which you then include in subsequent API requests.

### 🔑 Authentication Steps

* **Request Token:** Send a "Retrieve Token" request to the XONE authorization server's token endpoint.
* **Include Credentials:** In the request body, provide your `client_id` and `client_secret` as a JSON object.
* **Use Token:** The server will respond with an `access_token` that you can now use to authenticate your API calls by including it in the **Authorization** header as a `Bearer` token.

## POST /api/oauth/token

> Retrieve token

```json
{"openapi":"3.0.0","info":{"title":"Offers","version":"1.0.0"},"tags":[{"name":"Authentication","description":"To get started with the XONE API, you'll first need to obtain an access token. \nThis token acts as a digital key, granting your application permission to make API calls.\n\nThis process uses the **OAuth 2.0 Client Credentials Grant flow**. You'll use your unique client ID and client secret to request a token, which you then include in subsequent API requests.\n\n## 🔑 Authentication Steps\n\n* **Request Token:** Send a \"Retrieve Token\" request to the XONE authorization server's token endpoint.\n* **Include Credentials:** In the request body, provide your `client_id` and `client_secret` as a JSON object.\n* **Use Token:** The server will respond with an `access_token` that you can now use to authenticate your API calls by including it in the **Authorization** header as a `Bearer` token.\n"}],"servers":[{"url":"https://api.xone.xcover.com"}],"paths":{"/api/oauth/token":{"post":{"summary":"Retrieve token","tags":["Authentication"],"responses":{"200":{"description":"200 OK","headers":{"Date":{"schema":{"type":"string"}},"Transfer-Encoding":{"schema":{"type":"string"}},"Connection":{"schema":{"type":"string"}},"Pragma":{"schema":{"type":"string"}},"Cache-Control":{"schema":{"type":"string"}},"X-Request-Id":{"schema":{"type":"integer"}},"X-Ratelimit-Limit":{"schema":{"type":"integer"}},"X-Ratelimit-Remaining":{"schema":{"type":"integer"}},"Vary":{"schema":{"type":"string"}},"X-Content-Type-Options":{"schema":{"type":"string"}},"X-XSS-Protection":{"schema":{"type":"integer"}},"Strict-Transport-Security":{"schema":{"type":"string"}},"CF-Cache-Status":{"schema":{"type":"string"}},"Server":{"schema":{"type":"string"}},"CF-RAY":{"schema":{"type":"integer"}},"Content-Encoding":{"schema":{"type":"string"}},"Server-Timing":{"schema":{"type":"string"}},"Cf-Team":{"schema":{"type":"integer"}}},"content":{"application/json":{"schema":{"type":"object","properties":{"token_type":{"type":"string"},"expires_in":{"type":"integer"},"access_token":{"type":"string"}}}}}},"401":{"description":"401 Unauthorized","headers":{"Date":{"schema":{"type":"string"}},"Transfer-Encoding":{"schema":{"type":"string"}},"Connection":{"schema":{"type":"string"}},"Cache-Control":{"schema":{"type":"string"}},"X-Request-Id":{"schema":{"type":"string"}},"X-Ratelimit-Limit":{"schema":{"type":"integer"}},"X-Ratelimit-Remaining":{"schema":{"type":"integer"}},"Vary":{"schema":{"type":"string"}},"X-Content-Type-Options":{"schema":{"type":"string"}},"X-XSS-Protection":{"schema":{"type":"integer"}},"Strict-Transport-Security":{"schema":{"type":"string"}},"CF-Cache-Status":{"schema":{"type":"string"}},"Report-To":{"schema":{"type":"string"}},"Content-Security-Policy-Report-Only":{"schema":{"type":"string"}},"Server":{"schema":{"type":"string"}},"CF-RAY":{"schema":{"type":"integer"}},"Server-Timing":{"schema":{"type":"string"}},"Cf-Team":{"schema":{"type":"integer"}}},"content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"error_description":{"type":"string"},"message":{"type":"string"}}}}}}},"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["grant_type","client_id","client_secret"],"properties":{"grant_type":{"type":"string"},"client_id":{"type":"string"},"client_secret":{"type":"string"}}}}}}}}}}
```