# Authentication

The iAdvize authentication mechanism uses temporary tokens that have a 24-hour lifetime.

You can generate your own tokens with a user email & password.

{% hint style="info" %}
Please note the following policy on **authentication**:

* 10 logins per minute per user
* 100 logins per minute per IP address
{% endhint %}

## Create an Access Token

Make a `POST` call to the following endpoint: `https://api.iadvize.com/oauth2/token` and send the following parameters:

| **Parameter**   | **Description**                                  | **Type** | **Mandatory** |
| --------------- | ------------------------------------------------ | -------- | ------------- |
| **username**    | User email                                       | String   | Yes           |
| **password**    | User password                                    | String   | Yes           |
| **grant\_type** | OAuth2 grant type (only `password` is supported) | String   | Yes           |

{% hint style="warning" %}
Please note that parameters must be sent as `application/x-www-form-urlencoded`
{% endhint %}

**Examples:**

{% tabs %}
{% tab title="cURL" %}

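```bash
# --data-urlencode percent-encodes the values, so an email or password
# containing characters such as "+" or "&" is sent intact.
curl  --request POST \
      --url https://api.iadvize.com/oauth2/token \
      --data-urlencode "username={EMAIL}" \
      --data-urlencode "password={PASSWORD}" \
      --data "grant_type=password"
```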

{% endtab %}

{% tab title="NodeJS" %}

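```javascript
const axios = require('axios');
const querystring = require('querystring');

const authEndpoint = 'https://api.iadvize.com/oauth2/token';
const username = 'YOUR_IADVIZE_USER_EMAIL';
const password = 'YOUR_PASSWORD';

axios
  .post(
    authEndpoint,
    // Serialized as application/x-www-form-urlencoded, as the endpoint requires
    querystring.stringify({
      grant_type: 'password',
      username,
      password
    })
  )
  .then(function (response) {
    // Log only the response body: the full axios response object also
    // contains the request configuration, including the password that was sent.
    console.log(response.data);
  })
  .catch(function (error) {
    // error.response is undefined when no HTTP response was received
    console.error('Token request failed:', error.response ? error.response.status : error.message);
  });
```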

{% endtab %}
{% endtabs %}

#### Response (example):

```json
{
    "access_token": "BMU9FSlOV.....UU0UVRPUSJ9.9yZCIsInBl....cm1pc3Npb0.xw3blsLI8gujt....JPX5U8v24o1gUsg",
    "expires_in": 86400,
    "token_type": "Bearer",
    "refresh_token": "none"
}
```

## Authenticate your API calls

To authenticate an API call, pass the access token as a Bearer token in the `Authorization` header.

```bash
curl  --request POST \
      --url https://api.iadvize.com/graphql \
      --header "Content-Type: application/json" \
      --header "Authorization: Bearer {YOUR_ACCESS_TOKEN}" \
      --data "YOUR_QUERY"
```
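Because a token stays valid for 24 hours and logins are rate limited, a client can log in once and reuse the token across calls. The following is an added example, not iAdvize code: `createTokenProvider`, `tokenRequestBody`, `fetchImpl`, `now` and `skewSeconds` are hypothetical names, and it assumes a runtime with a global `fetch` (Node.js 18 or later).

```javascript
// Added example (not iAdvize code). Function and option names are hypothetical;
// the endpoint and response fields are the ones documented on this page.
const TOKEN_URL = 'https://api.iadvize.com/oauth2/token';

// URLSearchParams percent-encodes characters such as "+" or "&" in credentials.
function tokenRequestBody(username, password) {
  return new URLSearchParams({ grant_type: 'password', username, password }).toString();
}

function createTokenProvider({ username, password, fetchImpl = fetch,
                               now = Date.now, skewSeconds = 60 }) {
  let cached = null;   // { token, expiresAt } once a login has succeeded
  let inflight = null; // pending login shared by concurrent callers

  async function login() {
    const res = await fetchImpl(TOKEN_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: tokenRequestBody(username, password),
    });
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const body = await res.json();
    if (body.token_type !== 'Bearer' || typeof body.access_token !== 'string') {
      throw new Error('unexpected token response');
    }
    // Renew slightly early so a call never carries a token about to expire.
    cached = {
      token: body.access_token,
      expiresAt: now() + (body.expires_in - skewSeconds) * 1000,
    };
    return cached.token;
  }

  // Returns the cached token and logs in only when none is usable, so the
  // login rate limits are not consumed by routine API traffic.
  async function getToken() {
    if (cached && now() < cached.expiresAt) return cached.token;
    if (!inflight) inflight = login().finally(() => { inflight = null; });
    return inflight;
  }

  // Call after an `invalid_token` error so the next getToken() logs in again.
  function invalidate() { cached = null; }

  // Header object for the authenticated calls shown on this page.
  async function authHeader() { return { Authorization: `Bearer ${await getToken()}` }; }

  return { getToken, invalidate, authHeader };
}
```

Pass the credentials in from the environment or a secrets store rather than hard-coding them, and keep the token out of logs.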

## Check the validity of an access\_token <a href="#check-the-validity-of-an-access_token" id="check-the-validity-of-an-access_token"></a>

You can verify token validity with the authenticated route below.

```bash
curl  --request GET \
      --url https://api.iadvize.com/_authenticated \
      --header "Authorization: Bearer {YOUR_ACCESS_TOKEN}"
```

If your token is valid, you will receive a response that looks like this:

```json
{
  "authenticated": true
}
```

If your token is expired or invalid, you will receive the following response:

```json
{
  "error_description": "access token not valid",
  "error": "invalid_token"
}
```

