# Get started (using auth v1)

All requests to the Younium API must be authenticated using a **JWT access token**. This guide explains how to generate the required credentials, acquire a JWT token, and use it to make authenticated API calls.

### Step 1: Generate an API Token and Client Credentials

1. Open the **User Profile Menu** in the top-right corner (click your user name).
2. Go to **Privacy & Security**.\\

   <div align="left"><figure><img src="https://940708998-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMV73ftGLs1NaypiZYzZB%2Fuploads%2Fgit-blob-78d07ccb59e1c26b9f696fa21c6dc1e7eb963ed1%2Fimage.png?alt=media" alt="" width="292"><figcaption></figcaption></figure></div>
3. Select **Personal Tokens** in the left-hand panel.
4. Click **Generate Token**.\\

   <div align="left"><figure><img src="https://940708998-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMV73ftGLs1NaypiZYzZB%2Fuploads%2Fgit-blob-381f3d5b632277e64c132b3006d292b6a4e0b497%2Fimage%20(1).png?alt=media" alt="" width="375"><figcaption></figcaption></figure></div>
5. Enter a descriptive name for the token and click **Create**.
6. The **Client ID** and **Secret Key** will now be displayed and will be used to generate the JWT token.

<div align="left"><img src="https://younium.gitbook.io/~gitbook/image?url=https%3A%2F%2F940708998-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FMV73ftGLs1NaypiZYzZB%252Fuploads%252FfXHKaqA8o7bEJ3l5Uk5u%252FCredentials%2520%281%29.png%3Falt%3Dmedia%26token%3Dc0361a08-2e62-4130-926a-81c2cbeabc61&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=a51723c7&#x26;sv=1" alt="" width="375"></div>

### Step 2: Generate a JWT Token <a href="#generating-a-jwt-token" id="generating-a-jwt-token"></a>

Make a `POST` request to the `/auth/token` endpoint with your client credentials.

#### Endpoints

* Production: `https://api.younium.com/auth/token`
* Sandbox: `https://api.sandbox.younium.com/auth/token`
* US Production: `https://api.us.younium.com/auth/token`
* US Sandbox: `https://api.us.sandbox.younium.com/auth/token`

#### Request Header

```http
Content-Type: application/json
```

#### Request Body

```json
{ 
  "clientId": "<Client Id>", 
  "secret": "<Secret Key>" 
}
```

#### Successful Response

```json
{
  "expires": "Thu, 21 Sep 2025 11:12:01 GMT",
  "expiresIn": 86400,
  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cC...",
  "refreshToken": "4baf4774-5ef9-4983-a8d8-f4fdae7f7000"
}
```

* The **access token** is valid for **24 hours**.
* Once expired, you must request a new token.

#### Error Response

If authentication fails, you may receivean error response:

```json
{
    errors: ["<Error message>"]
}
```

* `400` or `401`: Invalid credentials or other authentication issues.

### Step 3: Making Authenticated API Calls

Request headers:

```http
Authorization: Bearer <JWT Token>
Content-Type: application/json
legal-entity: <Legal Entity Id or Name>
```

**`legal-entity`** is required if your tenant has multiple legal entities.

### Common Authentication Errors

* **401 Unauthorized**
  * Token is missing, has expired, or is invalid.
* **403 Forbidden**
  * The request is authenticated, but access is blocked. Possible reasons include :
    * Invalid or missing **`legal-entity`** header.
    * Insufficient user permissions.
    * Restricted access to integrations or services.