> ## Documentation Index
> Fetch the complete documentation index at: https://docs.didx.co.za/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to obtain and use access tokens for didx:me API requests.

Every API request needs a Bearer access token in the `Authorization` header.

## Get a token

Submit your `clientId` and `clientSecret` to Keycloak with the `client_credentials` grant.

```bash theme={null}
curl --request POST \
  --url "https://test.didxtech.com/iam/realms/product-hub/protocol/openid-connect/token" \
  --header "Content-Type: application/x-www-form-urlencoded" \
  --data "grant_type=client_credentials" \
  --data "client_id=your_client_id" \
  --data "client_secret=your_client_secret"
```

You receive:

```json theme={null}
{
  "access_token": "eyJhbGciOiJSUzI1NiIsI...",
  "expires_in": 300,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "email profile"
}
```

The token is valid for 5 minutes (`expires_in: 300`). There is no refresh token (`refresh_expires_in: 0`); when the token expires, request a new one with the same call.

## Use the token

Include it in every API request:

```bash theme={null}
-H "Authorization: Bearer <access_token>"
```
