# How to get the token

***

While there are a few ways to get a token, here are examples using both the [Postman app](#postman) and a [cURL](#curl) command.

Your own environment's HTTP library or function may have <mark style="color:red;">`username`</mark> and <mark style="color:red;">`password`</mark> fields or an auth parameter in which you pass your client ID and secret. You can also send your client ID and secret, joined by a colon and Base64-encoded, in an <mark style="color:red;">`Authorization: Basic`</mark> header.

***

### Postman

To generate REST API credentials for the sandbox and live environments:

1. Download [Postman](https://www.postman.com/downloads/) for your environment.
2. In Postman, select the <mark style="color:red;">`POST`</mark> method.
3. Enter the <mark style="color:red;">`https://sandbox.smartfastpay.com/oauth2/token`</mark> request URL.
4. On the **Authorization** tab, select the **Basic Auth** type.\
   Type your client ID in the **Username** box, and type your secret in the **Password** box.
5. Click **Send**.

In exchange for these credentials, the SmartFastPay authorization server returns your access token in the `access_token` field:

{% hint style="info" %}
**Response**
{% endhint %}

```json
{
    "requestId": "a2435636-5f69-447d-8e22-8382f62ef7dd",
    "data": {
        "access_token": "<Access-Token>",
        "token_type": "Bearer",
        "expires_in": 3600
    }
}
```

Include this bearer token in the <mark style="color:red;">`Authorization`</mark> header with the <mark style="color:red;">`Bearer`</mark> authentication scheme in REST API calls to prove your identity and access protected resources. This sample request includes a bearer token:

```bash
curl -v --location --request POST 'https://sandbox.smartfastpay.com/transaction/checkout' \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer <Access-Token>"
```

Access tokens have a finite lifetime. The <mark style="color:red;">`expires_in`</mark> field contains the number of seconds after which the token expires. For example, an access token with an expiry value of <mark style="color:red;">`3600`</mark> expires in one hour from when the response was generated. In general, access tokens have a life of 15 minutes or eight hours depending on the scopes associated.

To detect when an access token expires, write code to either:

* Keep track of the <mark style="color:red;">`expires_in`</mark> value in the token response.
* Handle the HTTP <mark style="color:red;">`401 Unauthorized`</mark> status code. The API endpoint issues this status code when it detects an expired token.

Re-use the access token until it expires. Then, get a new token.

***

### cURL

1. Download [cURL](https://curl.haxx.se/download.html) for your environment.

> **Note:** On Windows, use a Bash shell to make cURL calls.

2. Run this command, where <mark style="color:red;">`<Access-Credentials>`</mark> is the Base64 encoding of your client ID and secret joined by a colon (<mark style="color:red;">`client_id:secret`</mark>):

```bash
curl -v --location --request POST 'https://sandbox.smartfastpay.com/oauth2/token' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Basic <Access-Credentials>'
```

> **Note:** If you use a command-line tool other than cURL, set the <mark style="color:red;">`Accept`</mark> header to <mark style="color:red;">`application/x-www-form-urlencoded`</mark>.

In exchange for these credentials, the SmartFastPay authorization server returns your access token in the `access_token` field:

```json
{
    "requestId": "a2435636-5f69-447d-8e22-8382f62ef7dd",
    "data": {
        "access_token": "<Access-Token>",
        "token_type": "Bearer",
        "expires_in": 3600
    }
}
```

Include this bearer token in the <mark style="color:red;">`Authorization`</mark> header with the <mark style="color:red;">`Bearer`</mark> authentication scheme in REST API calls to prove your identity and access protected resources. This sample request includes a bearer token:

```bash
curl -v --location --request GET 'https://sandbox.smartfastpay.com/transactions/' \
        --header "Content-Type: application/json" \
        --header "Authorization: Bearer <Access-Token>"
```

Access tokens have a finite lifetime. The <mark style="color:red;">`expires_in`</mark> field contains the number of seconds after which the token expires. For example, an access token with an expiry value of <mark style="color:red;">`3600`</mark> expires in one hour from when the response was generated. In general, access tokens have a life of 15 minutes or eight hours depending on the scopes associated.

To detect when an access token expires, write code to either:

* Keep track of the <mark style="color:red;">`expires_in`</mark> value in the token response.
* Handle the HTTP <mark style="color:red;">`401 Unauthorized`</mark> status code. The API endpoint issues this status code when it detects an expired token.

Re-use the access token until it expires. Then, get a new token.
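The expiry handling described in both sections above can be combined in one small client-side cache. This is an added example, not SmartFastPay code: `TokenCache`, `basic_auth_header`, the 30-second `skew` and the caller-supplied `fetch_token` and `send` functions are assumptions made for illustration.

```python
import base64
import time


def basic_auth_header(client_id, secret):
    """Build the Authorization: Basic value from the client ID and secret."""
    raw = f"{client_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


class TokenCache:
    """Re-use an access token until it expires, then get a new one.

    fetch_token is a caller-supplied (hypothetical) function that POSTs to
    /oauth2/token and returns the parsed JSON response shown on this page.
    """

    def __init__(self, fetch_token, clock=time.monotonic, skew=30):
        self._fetch = fetch_token
        self._clock = clock
        self._skew = skew  # refresh this many seconds before expiry
        self._token = None
        self._expires_at = 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            issued = self._clock()  # taken before the request: errs on the early side
            data = self._fetch()["data"]
            if data.get("token_type") != "Bearer":
                raise ValueError("unexpected token_type")
            self._token = data["access_token"]
            self._expires_at = issued + int(data["expires_in"]) - self._skew
        return self._token

    def invalidate(self):
        """Drop the cached token, for example after a 401 Unauthorized."""
        self._token = None

    def call(self, send):
        """send(headers) returns (status, body); retry once with a new token on 401."""
        for _ in range(2):
            status, body = send({"Authorization": "Bearer " + self.get()})
            if status != 401:
                break
            self.invalidate()
        return status, body
```

The token and the Basic credentials are secrets, so keep them out of application logs; `curl -v` prints the `Authorization` header to the terminal.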

