# Authentication

This guide walks users through how to authenticate requests to the Alluvial APIs.

## Client Credentials Flow

Below is a ladder diagram showing the flow to create an access token.

This flow involves 3 parties:

* Platform Server: the client that wants to access the Alluvial API and has previously been given Client ID and Client Secret credentials.
* Alluvial Authorization Server: responsible for validating credentials and generating a JWT Access Token.
* Alluvial API: the target resource to be accessed.

<figure><img src="https://3059818499-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNrNQhExRQsha4MbFFjxD%2Fuploads%2Fgit-blob-9ee60dd9989391b4a2b2bb1ee96ba70710af804d%2Fladder_diagram_authentication.png?alt=media" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
To obtain a Client ID and Client Secret, reach out to your Alluvial representative.
{% endhint %}

## Getting Access Token

To obtain an access token, send the request below using your Client ID and Client Secret.

**Request:**

{% hint style="info" %}
Make sure you are using the correct audience URL. Staging: <https://api.staging.alluvial.finance>. Production: <https://api.alluvial.finance>.
{% endhint %}

{% code title="" overflow="wrap" lineNumbers="true" %}

```bash
curl 'https://auth.alluvial.finance/oauth/token' \
--header 'content-type: application/json' \
--data '{
 "audience": "https://api.staging.alluvial.finance",
 "grant_type": "client_credentials",
 "client_id": "<YOUR_CLIENT_ID>",
 "client_secret": "<YOUR_CLIENT_SECRET>"
}'
```

{% endcode %}

**Response:**

{% code title="" overflow="wrap" lineNumbers="true" %}

```json
{
  "access_token": "eyJhbGci…CVm5g",
  "scope": "read:eth-oracle read:eth-contracts read:eth-operators",
  "expires_in": 86400,
  "token_type": "Bearer"
}
```

{% endcode %}

### Refreshing Access Token

The Access Token should be reused for every request until it expires. Once it has expired, the client should go through the Client Credentials Flow again to obtain a fresh Access Token.
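The reuse-until-expiry rule above can be implemented as a small token cache. This is an added example, not Alluvial's own code: `TokenCache`, its `skew` margin and the constructed sample response are assumptions, while the token URL and request fields are the ones shown in the request above.

```python
import json, threading, time, urllib.request

TOKEN_URL = "https://auth.alluvial.finance/oauth/token"  # endpoint from the request above

def fetch_token(client_id, client_secret, audience):
    """POST the client-credentials request and return the parsed JSON response."""
    body = json.dumps({"audience": audience, "grant_type": "client_credentials",
                       "client_id": client_id, "client_secret": client_secret}).encode()
    req = urllib.request.Request(TOKEN_URL, data=body,
                                 headers={"content-type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: reuse one token until shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:  # one refresh at a time when threads share the cache
            if self._token is None or self._clock() >= self._expires_at:
                resp = self._fetch()
                if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
                    raise ValueError("unexpected token response")
                self._token = resp["access_token"]
                # Refresh `skew` seconds early so a request never carries a
                # token that expires while it is in flight.
                self._expires_at = self._clock() + int(resp["expires_in"]) - self._skew
            return self._token

    def invalidate(self):
        """Drop the cached token (e.g. after a 4xx from an expired token)."""
        with self._lock:
            self._token = None

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}

if __name__ == "__main__":
    # Constructed response standing in for the network call. In production pass
    # a callable that runs fetch_token() with credentials read from the
    # environment or a secret store, never from source code.
    fake = lambda: {"access_token": "constructed-token", "expires_in": 86400,
                    "token_type": "Bearer"}
    cache = TokenCache(fake)
    print("token reused:", cache.auth_header() == cache.auth_header())
```

Keep the token and the Client Secret out of logs and error messages; the cache holds the token in memory only.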

#### Sample request

To use the access token, pass it in the `Authorization: Bearer` HTTP header.

{% code title="" overflow="wrap" lineNumbers="true" %}

```bash
curl 'https://api.staging.alluvial.finance/v0/wallets/0x2B7ff5d4C14A9Da8d5C9354c7A52aB40DdC1C01e' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer eyJh...b'
```

{% endcode %}

If you receive a 2xx response, you are now able to make fully authenticated requests.

If you receive a 4xx response, check if your access token is expired.

You are now ready to make requests! Please check out our guides on [staking](https://docs.alluvial.finance/guides/staking) and [redemptions](https://docs.alluvial.finance/guides/redemptions).
