# Authentication

The iAdvize authentication mechanism uses temporary tokens that have a 24-hour lifetime.

You can generate your own tokens with a user email & password.

{% hint style="info" %}
Please note the following policy on **authentication**:

* 10 logins per minute per user
* 100 logins per minute per IP address
{% endhint %}

## Create an Access Token

You have to make a `POST` call to the following endpoint: `https://api.iadvize.com/oauth2/token` and send the following parameters:

| **Parameter**   | **Description**                                  | **Type** | **Mandatory** |
| --------------- | ------------------------------------------------ | -------- | ------------- |
| **username**    | User email                                       | String   | Yes           |
| **password**    | User password                                    | String   | Yes           |
| **grant\_type** | OAuth2 grant type (only `password` is supported) | String   | Yes           |

{% hint style="warning" %}
Please note that parameters must be sent as `application/x-www-form-urlencoded`
{% endhint %}

**Examples:**

{% tabs %}
{% tab title="cURL" %}

```bash
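# --data-urlencode escapes special characters (e.g. "+" or "&") in the values
curl  --request POST \
      --url https://api.iadvize.com/oauth2/token \
      --data-urlencode "username={EMAIL}" \
      --data-urlencode "password={PASSWORD}" \
      --data "grant_type=password"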
```

{% endtab %}

{% tab title="NodeJS" %}

```javascript
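const axios = require('axios');
const querystring = require('querystring');

const authEndpoint = 'https://api.iadvize.com/oauth2/token';
const username = 'YOUR_IADVIZE_USER_EMAIL';
const password = 'YOUR_PASSWORD';

axios
  .post(
    authEndpoint,
    // Form-encode the body (application/x-www-form-urlencoded)
    querystring.stringify({
      grant_type: 'password',
      username,
      password
    })
  )
  .then(function (response) {
    // response.data holds access_token, expires_in and token_type.
    // Logging the whole response object would also dump the request body.
    console.log(response.data);
  })
  .catch(function (error) {
    console.error(error.response ? error.response.data : error.message);
  });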
```

{% endtab %}
{% endtabs %}

#### Response (example):

```json
{
    "access_token": "BMU9FSlOV.....UU0UVRPUSJ9.9yZCIsInBl....cm1pc3Npb0.xw3blsLI8gujt....JPX5U8v24o1gUsg",
    "expires_in": 86400,
    "token_type": "Bearer",
    "refresh_token": "none"
}
```
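
Since a token is valid for `expires_in` seconds and logins are limited per user, a client can cache the token and log in again only when it is close to expiry. The following is an added example, not iAdvize code: `TokenCache`, `buildTokenBody`, the injected `login` transport and the 60-second safety margin are hypothetical names and assumptions.

```javascript
// Added example, not iAdvize code. TokenCache, its methods and the 60 s
// safety margin are hypothetical; the login limit is the policy quoted above.
const LOGIN_LIMIT = 10; // logins per minute per user
const WINDOW_MS = 60 * 1000;
const SAFETY_MARGIN_MS = 60 * 1000; // assumption: renew 1 min before expiry

// URLSearchParams form-encodes the values, escaping '+', '&', '=' and '@'.
function buildTokenBody(username, password) {
  return new URLSearchParams({ grant_type: 'password', username, password }).toString();
}

class TokenCache {
  // login: async (formBody) => parsed JSON answer of POST /oauth2/token
  constructor(login, now = Date.now) {
    this.login = login;
    this.now = now;
    this.token = null;
    this.expiresAt = 0;
    this.attempts = []; // timestamps of recent login calls
  }
  // Cached token, or null when missing or about to expire.
  current() {
    return this.token && this.now() < this.expiresAt - SAFETY_MARGIN_MS ? this.token : null;
  }
  // Record a login attempt; false means the per-user budget is used up.
  reserveLogin() {
    const t = this.now();
    this.attempts = this.attempts.filter((a) => t - a < WINDOW_MS);
    if (this.attempts.length >= LOGIN_LIMIT) return false;
    this.attempts.push(t);
    return true;
  }
  // Keep the token and turn expires_in (seconds) into an absolute deadline.
  store(response) {
    if (response.token_type !== 'Bearer' || !response.access_token) {
      throw new Error('unexpected token response');
    }
    this.token = response.access_token;
    this.expiresAt = this.now() + response.expires_in * 1000;
  }
  async getToken(username, password) {
    const cached = this.current();
    if (cached) return cached;
    if (!this.reserveLogin()) throw new Error('local login rate limit reached');
    this.store(await this.login(buildTokenBody(username, password)));
    return this.token;
  }
  // Call when an API request or /_authenticated answers "invalid_token".
  invalidate() { this.token = null; this.expiresAt = 0; }
}
```

Pass a `login` function that performs the `POST` shown above and returns the parsed JSON body; keep the token in memory rather than writing it to logs.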

## Authenticate your API calls

To authenticate an API call, pass the access token in the `Authorization` header as a `Bearer` token.

```bash
curl  --request POST \
      --url https://api.iadvize.com/graphql \
      --header "Content-Type: application/json" \
      --header "Authorization: Bearer {YOUR_ACCESS_TOKEN}" \
      --data "YOUR_QUERY"
```

## Check the validity of an access\_token <a href="#check-the-validity-of-an-access_token" id="check-the-validity-of-an-access_token"></a>

You can verify token validity with the authenticated route below.

```bash
curl  --request GET \
      --url https://api.iadvize.com/_authenticated \
      --header "Authorization: Bearer {YOUR_ACCESS_TOKEN}"
```

If your token is valid, you will receive a response that looks like this:

```json
{
  "authenticated": true
}
```

If your token is expired or invalid, you will receive the following response:

```json
{
  "error_description": "access token not valid",
  "error": "invalid_token"
}
```
