# Authentication API

{% hint style="info" %}
**API Endpoint** 

**POST**    [**/client/authenticate**](https://apis.xpay.stream/client/authenticate)
{% endhint %}

***

{% hint style="info" %}
**Request Headers:**

Content-Type: application/json<br>

**Request Body:**

{% code lineNumbers="true" %}

```json
{
    "username" : "<email>",
    "secretKey": "<your_key>",
    "isAPI": true
}
```

{% endcode %}
{% endhint %}

{% hint style="success" %}
**Success Response**

Get your APIs **access\_token** from `success.data.access_token`&#x20;

{% code lineNumbers="true" fullWidth="true" %}

```json
{
  "success": {
    "message":"Authenticated",
    "data": {
      "success":true,
      "expiresAt":1783077877510,
      "user": { "username":"email@test.com","scopes":["tme_user"],"isAPI":true },
      "ticket":"b1d4b9a9511dd58fb84a9aab9cc2a740",
      "access_token":"eyJhbGciO...p_Nlg" // Your APIs Access Token
    },
    "uuid":"f8623092-a59a-4ceb-bc75-18e59815d5df" // request tag system reference
  }
}
```

{% endcode %}
{% endhint %}

{% hint style="warning" %}
**Error Response**

{% code lineNumbers="true" fullWidth="true" %}

```json
{
  "error": {
    "message":"invalid credentials",
    "data":{"invalid":true},
    "tag":"6181882e-a5a3-4f28-abce-4f24f4905412" // error tag system reference
  },
  "uuid":"973e8576-b518-419b-84c3-dd0a7467e64d" // request tag system reference
}
```

{% endcode %}
{% endhint %}

***

{% tabs %}
{% tab title="CURL Example" %}

<pre class="language-bash" data-line-numbers data-full-width="true"><code class="lang-bash"><strong>curl 'https://apis.xpay.stream/client/authenticate' \
</strong>  -H 'Content-Type: application/json' \
  --data-raw '{"username":"&#x3C;your_email>","secretKey":"&#x3C;your_key>", "isAPI": "true" }'
</code></pre>

{% endtab %}

{% tab title="NodeJS Example" %}
{% code lineNumbers="true" %}

```javascript
// npm i cross-fetch
const fetch = require("cross-fetch");

const API_URL = "https://apis.xpay.stream/client/authenticate";

const method = "POST";

const headers = { "content-type": "application/json" };

const body = JSON.stringify({ 
    username: "your_email", 
    secretKey: "your_secret",
    isAPI: true
});

fetch(API_URL, { headers, body, method })
.then(async res =>  await res.json())
.then(result => {

    if(result.error) {
        console.log("Authentication Error", result);
    }

    if(result.success) {
        
        // use next on access_token
        // to authentication all API Calls
        // with Header: Authorization Bearer access_token
        const access_token = result.success.data.access_token;
         
        console.log("Authentication Success", result);
    }
})
.catch((err) => {
    console.error(err);
});

// Example Response
const response = {
    "success": {
        "message": "Authenticated",
        "data": {
            "success": true,
            "expiresAt": 1728210519128,
            "user": {
                "username": "admin",
                "scopes": [
                    "tme_admin"
                ],
                "isAPI": false
            },
            "ticket": "4a5753991ab08f5ac8a4732c286bc7dc",
            "access_token": "eyJhbGciOiJIUz...XXnxw"
        }
    },
    "uuid": "38e27ab0-d331-4c63-8f24-e1603739511d"
}
```

{% endcode %}

{% endtab %}
{% endtabs %}