# POST /authentication/getToken ### Request Authentication is performed by posting to `/authentication/getToken` with the following body: ``` { "key": "string", "secret": "string" } ```
FieldMandatoryDescription
keyYesThe key provided to you by 6DOT50. It is uniquely linked to your Merchant account.
secretYesThe secret provided to you by 6DOT50.
{% hint style="info" %} The key/secret will be different between the Test and Production environments. {% endhint %} {% code title="Sample Request" %} ``` { "key": "00000000-0000-0000-0000-000000000000", "secret": "supersecretpassword" } ``` {% endcode %} ### Response If successfully authenticated, the operation will return a token. This token is to be used in subsequent requests to other operations by supplying an `Authorization` header with the value `bearer`` `*`[token]`*. ``` { "success": true, "token": "string", "expiresAt": "2022-09-24T13:31:00.557Z" } ```
FieldResponse TypeDescription
successbooleanWhether authentication was successful or not.
tokenstringIf success is true, this is the Bearer token to be used for subsequent calls to the API.
expiresAtstring($date-time)

If success is true, this is the date and time that the token will expire.

Tokens expire every 15 minutes and must be refreshed.

See Token Expiry and Refresh for more information.

{% code title="Sample Response (Success)" %} ``` { "success": true, "token": "eyJhbGciOiJIzI1NiIsInR5cCI6IkXVCJ9.eyJpZC…", "expiresAt": "2022-09-24T13:31:00.557Z" } ``` {% endcode %} {% code title="Sample Response (Failed)" %} ``` { "success": false } ``` {% endcode %} ### Token Expiry and Refresh Tokens expire after 15 minutes. Field `expiresAt` in the response model can be used to track token expiry. Call the `authentication/getToken` operation again to re-authenticate and receive a new token.