> ## Documentation Index
> Fetch the complete documentation index at: https://docs.yativo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Generate Token

> Authenticate and obtain a Bearer token for API access

Generate an access token by providing your Account ID and App Secret. The token is required for all subsequent API requests.

```
POST /auth/login
```

<Note>
  Tokens expire after **600 seconds** (10 minutes). Refresh before expiry using `GET /auth/refresh-token`.
</Note>

## Request body

<ParamField body="account_id" type="string" required>
  Your Yativo Account ID. Found in your dashboard under Settings → Account.
</ParamField>

<ParamField body="app_secret" type="string" required>
  Your App Secret generated from Dashboard → Developer → API Key. Keep this confidential and never expose it in client-side code.
</ParamField>

<RequestExample>
  ```bash cURL theme={null}
  curl -X POST 'https://api.yativo.com/api/v1/auth/login' \
    -H 'Content-Type: application/json' \
    -d '{
      "account_id": "your-account-id",
      "app_secret": "your-app-secret"
    }'
  ```

  ```javascript Node.js theme={null}
  const response = await fetch('https://api.yativo.com/api/v1/auth/login', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      account_id: process.env.YATIVO_ACCOUNT_ID,
      app_secret: process.env.YATIVO_APP_SECRET,
    }),
  });
  const { data } = await response.json();
  const token = data.access_token;
  ```
</RequestExample>

<ResponseExample>
  ```json Success theme={null}
  {
    "status": "success",
    "status_code": 200,
    "message": "Authentication successful",
    "data": {
      "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
      "token_type": "bearer",
      "expires_in": 600
    }
  }
  ```

  ```json Unauthorized theme={null}
  {
    "status": "error",
    "status_code": 401,
    "message": "Invalid credentials",
    "data": null
  }
  ```
</ResponseExample>

***

## Refresh Token

Refresh an expiring token without re-authenticating with your credentials:

```
GET /auth/refresh-token
```

<RequestExample>
  ```bash cURL theme={null}
  curl -X GET 'https://api.yativo.com/api/v1/auth/refresh-token' \
    -H 'Authorization: Bearer YOUR_CURRENT_ACCESS_TOKEN'
  ```
</RequestExample>

<ResponseExample>
  ```json Success theme={null}
  {
    "status": "success",
    "status_code": 200,
    "message": "Request successful",
    "data": {
      "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
      "expires_in": 600
    }
  }
  ```
</ResponseExample>
