# Authentication

Our authentication is based on the Client Credentials flow of the OAuth 2.0 authentication framework ([Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.4)).

You need to retrieve an access token (`ACCESS_TOKEN`) from our authentication endpoint to then send in the header (`"Authorization: Bearer ACCESS_TOKEN"`) of subsequent requests.

**To obtain an `ACCESS_TOKEN`, send a POST request to https://auth.reelables.com/oauth2/token?grant_type=client_credentials with headers:**
- `"Content-Type": "application/x-www-form-urlencoded"`
- `"Authorization": "Basic base64(CLIENT_ID>:<CLIENT_SECRET>)"`
where base64() is the base64-encoded representation of the `<CLIENT_ID>:<CLIENT_SECRET>` combination.

**Using the `ACCESS_TOKEN` in requests:**
- add an `Authorization` header to your request including the `ACCESS_TOKEN` as the value: `"Authorization: Bearer ACCESS_TOKEN"`
- the `ACCESS_TOKEN` is valid for 1 hour. Once it has expired, re-authenticate to obtain a fresh `ACCESS_TOKEN`


## Example
_Example Authentication request_
```curl --request POST --url 'https://auth.reelables.com/oauth2/token?grant_type=client_credentials' --user CLIENT_ID:CLIENT_SECRET --header 'Content-Type: application/x-www-form-urlencoded'```
- Note: using the curl --user option adds an `Authorization` header with value `Basic Base64(CLIENT_ID:CLIENT_SECRET)`