# Authentication

Authentication is handled by receiving a token from the Yellow Dog Auth API. All requests require an
Authorization header with a Bearer token included. The only source for this Token is through the
Yellow Dog Auth API.

As an integrator you should have received an API Client ID as well as a username and password for a
Yellow Dog Inventory Database Instance.

Authentication for the fetch api require an access token from the yellow dog authentication api found
at *[auth.yellowdogsoftware.com](http://auth.yellowdogsoftware.com)*. The two most commonly used
endpoints and their usage are as followed.

### Access Token

#### POST /token

> Access tokens provide the ability to interact with Yellow Dog’s Web APIs.
To get a valid access token you’ll need to provide a userName, password, and clientId.
- Valid for 1 hour



##### Request Body

```json
{
  "userName": "string",
  "password": "string",
  "clientId": "string"
}
```

##### Response

```json
{
  "success": true,
  "result": {
    "accessToken": "{some access token}",
    "refreshToken": "{some refresh token}",
    "tokenType": "{bearer}",
    "clientId": "{your client id}",
    "expiresIn": 3600,
    "expires": "{2018-07-23T16:04:31Z}",
    "isUser": true
  },
  "errors": null
}
```

br
div
### Refresh Token

#### POST /refreshToken

> Refresh tokens are used to get a new access token without having to resubmit user credentials.
- Valid for 30 days. After 30 days, you’ll have to resubmit user credentials.
- Can only be used once.



##### Request Body

```json
{
  "refreshToken": "{some refresh token}", // "2ecet06a-bd6a-4f94-a24a-452zt5f2c999"
  "clientId": "{your client id}" // "123456"
}
```

##### Response

```json
{
  "success": true,
  "result": {
    "accessToken": "{some access token}",
    "refreshToken": "{some refresh token}",
    "tokenType": "{bearer}",
    "clientId": "{your client id}",
    "expiresIn": 3600,
    "expires": "{2018-07-23T16:06:35Z}",
    "isUser": true
  },
  "errors": null
}
```

br
div