> ## Documentation Index
> Fetch the complete documentation index at: https://docs.yativo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Test: Authentication

> Get a Bearer token for the sandbox — use the shared key instantly or sign up at the sandbox dashboard for isolated data

## Option A — Shared sandbox key (instant, no sign-up)

Use the pre-populated shared sandbox API key to get a token immediately:

```bash theme={null}
curl -X POST 'https://crypto-sandbox.yativo.com/api/v1/auth/token' \
  -H 'Content-Type: application/json' \
  -d '{
    "api_key":    "yativo_e072b3ef7e30fcb420183aa86ddd8452abd28a9ac8f5d04d",
    "api_secret": "df8da4d6b855c7e89bd3b4216dd0a1f4b30de1963c9bff0dcd666b15a0f836a5"
  }'
```

```json Response theme={null}
{
  "success": true,
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}
```

Pass the `access_token` as `Authorization: Bearer <token>` on every request. Tokens expire in 60 minutes — call `/auth/token` again with the same key to refresh. **The API key itself never expires.**

<Warning>
  This is a **shared public sandbox key**. Any developer following these docs can read and write to the shared sandbox account. For private isolated testing, use Option B below.
</Warning>

***

## Option B — Your own sandbox account

For isolated sandbox data with your own wallets and transactions:

1. Sign up at [sandbox-crypto.yativo.com](https://sandbox-crypto.yativo.com) — sign-up is **passwordless**, you'll receive a one-time code by email
2. Go to **Settings → API Keys** and create a sandbox API key
3. Use your key with the token endpoint:

```bash theme={null}
curl -X POST 'https://crypto-sandbox.yativo.com/api/v1/auth/token' \
  -H 'Content-Type: application/json' \
  -d '{
    "api_key":    "yativo_<your_sandbox_key>",
    "api_secret": "<your_sandbox_secret>"
  }'
```

***

## Using the token

Pass the token on every sandbox request:

```bash theme={null}
curl 'https://crypto-sandbox.yativo.com/api/v1/accounts/get-accounts' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN'
```

***

## Refreshing a token

Simply call `/auth/token` again with the same API key credentials — there is no separate refresh endpoint:

```bash theme={null}
curl -X POST 'https://crypto-sandbox.yativo.com/api/v1/auth/token' \
  -H 'Content-Type: application/json' \
  -d '{ "api_key": "yativo_...", "api_secret": "..." }'
```
