> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getasset.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Authentication

Asset's API uses OAuth 2.0 for authentication. All API requests require a valid access token, included in the `Authorization` header.

## **Getting an Access Token**

1. **Set Up Your Tenant Account**
   * A Tenant Account is required to authenticate with Asset's API. If you don't have one, reach out via our Contact form.
   * Once set up, you can manage OAuth credentials in the Asset Dashboard.
2. **Obtain Client Credentials**
   * Register an application in the Asset Dashboard to receive a `client_id` and `client_secret`.
   * Separate credentials exist for **Production** and **Sandbox** environments.
3. **Request a Token**

Use your client credentials to request an access token:

```bash theme={null}
curl --request POST \
  --url https://api.sandbox.getasset.com/v0/auth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'client_id=<string>' \
  --data 'client_secret=The oauth client secret'
```

A successful response returns:

```bash theme={null}
{
  "access_token": "your-access-token",
  "token_type": "Bearer",
  "expires_in": 1777657168
}
```

### Scoping the access token to a business

You can scope the access token to a business by passing the business id as a body parameter

```bash theme={null}
curl --request POST \
  --url https://api.sandbox.getasset.com/v0/auth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'client_id=<string>' \
  --data 'client_secret=The oauth client secret' \
  --data business_id=biz_GA6EG2qFxA97NZHtxeLPUy
```

### Scoping the access token to a resource

You can scope the access token to a subset of resources and actions that can be done on that resource.
For example, to create an access token to only create, read and update the ledgers, you can add the
list of scopes to the request:

```bash theme={null}
curl --request POST \
 --url https://api.sandbox.getasset.com/v0/auth/token \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data 'client_id=<string>' \
 --data 'client_secret=The oauth client secret' \
 --data 'scope=ledger:create ledger:update ledger:read'
```

## **Authenticating API Requests**

Include the access token in the `Authorization` header:

```bash theme={null}
curl --request GET \
  --url "https://api.sandbox.getasset.com/v0/business?page_size=100" \
  --header "Authorization: Bearer YOUR_ACCESS_TOKEN"
```

Access tokens expire after a set time and must be renewed using the same OAuth flow. Manage credentials in the Asset Dashboard.

<Warning>
  {" "}

  Credentials and tokens should always be kept secure—never share them outside
  your organization and exercise caution when sharing internally.
</Warning>

<Note>
  {" "}

  Questions? Reach out via our [Contact
  form](https://www.getasset.com/get-in-touch).{" "}
</Note>