# Authentication

Our APIs use the OAuth 2.0 framework for secure and seamless authentication. OAuth 2.0 provides various grant types to cater to different scenarios.

Below are the primary authentication endpoints. Authenticate through one of them before using any of our APIs.

## Client Credentials Grant

<mark style="color:green;">`POST`</mark> `https://iam.ants.tech/oauth/token`

The Client Credentials Grant API lets a client application obtain an `accessToken` through the OAuth 2.0 flow. The application needs this token before it can make any further requests to our APIs.

#### Headers

| Name                                           | Type   | Description                       |
| ---------------------------------------------- | ------ | --------------------------------- |
| Content-Type<mark style="color:red;">\*</mark> | String | application/x-www-form-urlencoded |

#### Request Body

| Name                                             | Type   | Description                                                                                                                                                                                                                                                                                                                                                                  |
| ------------------------------------------------ | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| grant\_type<mark style="color:red;">\*</mark>    | String | Fixed value: `client_credentials`                                                                                                                                                                                                                                                                                                                                            |
| client\_id<mark style="color:red;">\*</mark>     | String | Your provided app Client ID. For example, `26156a86-b739-4c6b-9de2-314228c3e6e5`                                                                                                                                                                                                                                                                                             |
| client\_secret<mark style="color:red;">\*</mark> | String | Your provided app Client Secret. For example, `ECOTBQNP44IFPCVMQNSZ`                                                                                                                                                                                                                                                                                                         |
| scope<mark style="color:red;">\*</mark>          | String | <p>Your requested scope. Currently, our APIs support these 4 scopes:</p><p>- <code>item</code> To access our BO data</p><p>- <code>event</code> To access our event data</p><p>- <code>profile</code> To access our customer data</p><p>- <code>promotion</code> To access our promotion data</p><p>You can request multiple scopes by separating them with a comma.</p> |

{% tabs %}
{% tab title="200: OK When the authentication process succeeds" %}

```json
{
    "accessToken": "5474r2x214z26484u2e4y4a403q5e4z5m4j4b403s526",
    "accessTokenExpiresAt": "2023-08-10T12:41:57.643Z",
    "scope": "item"
}
```

{% endtab %}

{% tab title="400: Bad Request When input data fails to pass validation checks" %}

```json
{
    "statusCode": 400,
    "status": 400,
    "code": 400,
    "message": "Invalid scope: Requested scope is invalid",
    "name": "invalid_scope"
}
```

{% endtab %}
{% endtabs %}
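
A minimal client for the endpoint above, as an added example that is not part of the original documentation or the provider's own code. The environment variable names `ANTS_CLIENT_ID` and `ANTS_CLIENT_SECRET`, the 60-second expiry margin, and the comma-separated format of the returned `scope` are assumptions.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

TOKEN_URL = "https://iam.ants.tech/oauth/token"  # endpoint documented above

class TokenError(Exception):
    """Token endpoint returned an error or an unusable token."""

def build_token_request(client_id, client_secret, scopes):
    # Credentials travel in the form-encoded POST body, never in the URL,
    # so they stay out of proxy and access logs.
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": ",".join(scopes),  # multiple scopes are comma-separated
    }).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(body, requested, now=None, skew_seconds=60):
    doc = json.loads(body)
    if "accessToken" not in doc:
        # Error bodies carry "name" and "message", as in the 400 example.
        raise TokenError(f"{doc.get('name')}: {doc.get('message')}")
    expires = datetime.fromisoformat(doc["accessTokenExpiresAt"].replace("Z", "+00:00"))
    now = now or datetime.now(timezone.utc)
    if expires - timedelta(seconds=skew_seconds) <= now:
        raise TokenError("token is expired or about to expire")
    # Assumption: granted scopes come back comma-separated, like the request.
    granted = {s.strip() for s in doc.get("scope", "").split(",") if s.strip()}
    if not granted <= set(requested):
        raise TokenError(f"granted scopes exceed the request: {sorted(granted)}")
    return {"token": doc["accessToken"], "expires_at": expires, "scopes": granted}

def fetch_token(scopes):
    # Assumed variable names; the secret is read from the environment, not source.
    req = build_token_request(os.environ["ANTS_CLIENT_ID"],
                              os.environ["ANTS_CLIENT_SECRET"], scopes)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()  # a 400 still carries the JSON error body
    return parse_token_response(body, scopes)
```

Request only the scopes the application needs, and call `fetch_token` again once `expires_at` is near rather than caching the token indefinitely.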
