# Authentication

OAuth 2.0 client credentials token management.

## Create an access token

- [POST /auth/token](https://tote.redocly.app/online-ordering/spec/openapi/authentication/createtoken.md): Exchange your client credentials for an access token using the OAuth 2.0 client credentials flow.

  How it works:

  1. Send your `client_id` and `client_secret` in the request body
  2. Receive a Bearer token valid for 24 hours
  3. Include the token in the `Authorization` header of all subsequent requests

  Token caching: Cache your token and reuse it until it expires. Do not request a new token for every API call -- this will trigger rate limiting.

  Token expiry: Tokens expire after 86400 seconds (24 hours). When your token expires, request a new one. There is no refresh token flow -- simply re-authenticate with your client credentials.
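
The caching and expiry rules above, as an added example that is not part of the original documentation: one token is fetched, reused for every call, and replaced by re-authenticating shortly before the 86400-second lifetime ends. `TokenCache`, `fetch_token`, `skew` and the stub endpoint are hypothetical names, and the `access_token` / `expires_in` response fields are assumed from RFC 6749 rather than taken from this page.

```python
import threading
import time


class TokenCache:
    """Caches one client-credentials token and re-authenticates near expiry."""

    def __init__(self, fetch_token, clock=time.monotonic, skew=60):
        self._fetch = fetch_token      # callable that performs POST /auth/token
        self._clock = clock            # injectable so expiry can be tested offline
        self._skew = skew              # assumed safety margin (seconds) before expiry
        self._lock = threading.Lock()  # one refresh at a time, even with many threads
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                body = self._fetch()
                # Field names assumed from RFC 6749 section 5.1, not from this page.
                self._token = body["access_token"]
                self._expires_at = self._clock() + body["expires_in"] - self._skew
            return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}


def demo():
    """Constructed run: a stub stands in for the token endpoint, a fake clock for time."""
    calls = []
    now = [0.0]

    def stub_fetch():
        calls.append(now[0])
        return {"access_token": "tok-%d" % len(calls), "expires_in": 86400}

    cache = TokenCache(stub_fetch, clock=lambda: now[0])
    first = [cache.auth_header() for _ in range(1000)]  # 1000 API calls, 1 token request
    now[0] = 86400 - 30                                 # inside the skew window
    second = cache.get()
    return len(calls), first[0]["Authorization"], second


if __name__ == "__main__":
    print(demo())
```

In a real client, `fetch_token` would send `client_id` and `client_secret` in the request body to `/auth/token`, with the secret loaded from a secret store or environment variable rather than source code.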