> ## Documentation Index
> Fetch the complete documentation index at: https://docs.yativo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Bearer Token

> Exchange your API key and secret for a Bearer token. This is the starting point for all API authentication.

**Start here.** All API endpoints require `Authorization: Bearer <token>`. Exchange your API key credentials for a token using this endpoint — no login session required. Tokens expire after **60 minutes**; call this endpoint again to get a fresh one. Your API key never expires.

<ParamField body="api_key" type="string" required>
  Your API key (starts with `yativo_`). Obtained when you created the key.
</ParamField>

<ParamField body="api_secret" type="string" required>
  Your API secret. Shown **only once** at key creation — store it securely.
</ParamField>

<Note>
  This endpoint does **not** require an `Authorization` header — use it to bootstrap your authentication.
</Note>

<RequestExample>
  ```bash cURL theme={null}
  curl -X POST 'https://crypto-api.yativo.com/api/v1/auth/token' \
    -H 'Content-Type: application/json' \
    -d '{
      "api_key": "yativo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "api_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    }'
  ```

  ```typescript TypeScript theme={null}
  const response = await fetch('https://crypto-api.yativo.com/api/v1/auth/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      api_key: process.env.YATIVO_API_KEY,
      api_secret: process.env.YATIVO_API_SECRET,
    }),
  });
  const { access_token } = await response.json();
  ```
</RequestExample>

<ResponseExample>
  ```json Success theme={null}
  {
    "success": true,
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "token_type": "Bearer",
    "expires_in": 3600,
    "expires_at": "2026-03-28T11:00:00.000Z",
    "scopes": ["read", "write", "transactions"],
    "refresh_recommendation": {
      "refresh_before_seconds": 300,
      "auto_refresh_enabled": true
    }
  }
  ```

  ```json Error — Invalid credentials theme={null}
  {
    "success": false,
    "error": "Invalid, expired, or revoked API key"
  }
  ```
</ResponseExample>
