> ## Documentation Index
> Fetch the complete documentation index at: https://docs.der-connect.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Retrieve a temporary access token

> Use your application credentials to retrieve a temporary bearer access token.

<Warning>
  To get started you'll need your application credentials. Request or find yours on <a href="https://traxes.io" target="_blank">Traxes</a>.
</Warning>

<Frame>
  <img src="https://mintcdn.com/realto/EG-Ok6q3nUjGJxIo/images/authentication.jpg?fit=max&auto=format&n=EG-Ok6q3nUjGJxIo&q=85&s=f1c998e87019dc799025bde9666ff213" alt="illustration related to authentication" width="1600" height="800" data-path="images/authentication.jpg" />
</Frame>

Access tokens allow us to identify you or your application as part of your organisation and give you access to the resources that belong to you or have been shared with you.

## Authenticate with OAuth

We use OAuth 2.0 Client Authorisation. This allows us to secure your data so that only you and those who you allow access can see it. In order to authenticate with OAuth, you may provide a `client_id` and `client_secret`.

After successful authentication, you receive a temporarily valid access token (a Bearer token) that you can use to authorise other API requests.

### 1. Creating an access (Bearer) token

Access tokens can be temporarily used to authorise API requests. You can request a (new) token by making an API request using your application credentials (`client_id` and `client_secret`).

You can get an access token by making a `POST` request on a dedicated authentication endpoint managed by Signin.Energy, like in this example:

```bash Request theme={null}
curl --request POST \
     --url https://signin.energy/am/oauth2/realms/root/realms/difesp/access_token \
     --header 'accept: application/json' \
     --header 'content-type: application/x-www-form-urlencoded' \
     --data-urlencode 'grant_type=client_credentials' \
     --data-urlencode 'client_id=REPLACE_WITH_YOUR_CLIENT_ID' \
     --data-urlencode 'client_secret=REPLACE_WITH_YOUR_CLIENT_SECRET' \
     --data-urlencode 'scope=esp'
```

```json Response theme={null}
{
	"access_token": "eyJ0eXAi[...]",
	"expires_in": 3599,
	"token_type": "Bearer"
}
```

### 2. Authorise an API request

To authorise your API requests, you'll have to provide a valid Bearer token in the `Authorization` header of that request. The Bearer token is your access token.

In the following example request, `REPLACE_WITH_YOUR_BEARER_TOKEN` has to be replaced with your token:

```bash Request theme={null}
curl --request GET \
     --url https://api.traxes.io/connect/v1/onboarding/types/entities \
     --header 'accept: application/json' \
     --header 'authorization: Bearer REPLACE_WITH_YOUR_BEARER_TOKEN'
```