# OAuth Bearer Token

## Using the Client Credentials Method to Authenticate with Limio's APIs

**The client credentials method** for generating an OAuth Bearer Token allows secure, server-to-server authentication without user involvement. It enables interaction with most of Limio's APIs, including the Order API, Subscription API, Abandoned Basket API, and External Identities API. This is typically the method you will use to get started.

### Prerequisite

To access Limio's API via the OAuth Bearer Token, you will first need your `client_id` and `client_secret`. To obtain these credentials, please contact Limio Support via [this link](mailto:support@limio.com?subject=Request%20for%20Client%20ID%20and%20Client%20Secret\&body=Please%20provide%20my%20Client%20ID%20and%20Client%20Secret%20to%20access%20Limio's%20API%20via%20the%20bearer%20token.%20My%20Limio%20Commerce%20application%20is%20https%3A%2F%2F%7B%7Btenant%7D%7D.prod-us.limio.com.).

### How to get your Bearer Token

**Endpoint:** To create your Bearer Token, you need to send a request to the following endpoint:

```
POST {{tenant}}/oauth2/token
```

* Where **{{tenant}}** is your Limio application URL such as <https://{{tenant}}.prod-us.limio.com> (US hosting) or <https://{{tenant}}.prod.limio.com> (EU hosting)

**Headers:** You will need to include the following headers in your request:

| **Header**   | **Value**                           |
| ------------ | ----------------------------------- |
| Content-Type | 'application/x-www-form-urlencoded' |

**Request body:** You will need to include the following payload in your request:

| **Form Parameters** | **Value**                                            |
| ------------------- | ---------------------------------------------------- |
| grant\_type         | `client_credentials`                                 |
| client\_id          | The `client_id` you received from Limio Support.     |
| client\_secret      | The `client_secret` you received from Limio Support. |

**Example:** For example, to request a Bearer token, you can send a request using cURL:

```
 curl --request POST \
  --url https://{tenant}/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id={client_id_details} \
  --data client_secret={client_secret_details}
```

**Response:** This will return the following response:

```
HTTP/1.1 200 OK 
Content-Type: application/json

{ 
    "access_token":"<Bearer <YOUR_TOKEN_HERE>",
    "token_type":"Bearer", 
    "expires_in":3600 
}
```

**Next steps:** Place your Access Token ("\<Bearer \<YOUR\_TOKEN\_HERE>") to use in the authorisation header of all API calls set to the BearerAuth. For example, to call the Order Api, you'd use:

```
const basePath = 'api';
const domain = 'prod.limio.com' or 'prod-us.limio.com';
const shard = 'tenant';
const resp = await fetch(
  `https://${shard}.${domain}/${basePath}/order`,
  {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      Authorization: 'Bearer <YOUR_TOKEN_HERE>'
    }...
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.limio.com/developers/api-documentation/authentication-overview/oauth-bearer-token.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.