# Authentication API Integration

## Authentication API Overview

The LiquidCommerce Authentication API provides a secure method to obtain an access token for all other API calls to LiquidCommerce Services. This token ensures secure access to various LiquidCommerce services and enables seamless integration into applications.

### Key Features

* **Obtain Access Tokens**: Retrieve a token for API authentication.
* **Secure API Access Management**: Safeguard API access through token-based authentication.
* **Service Integration**: Integrate LiquidCommerce services into your applications efficiently.

## Base URLs

These URLs serve as the base for all LiquidCommerce API calls, depending on the environment (staging or production).

* **Staging**: `https://staging.api.liquidcommerce.cloud` 
* **Production**: `https://api.liquidcommerce.cloud`

## Using the Access Token

After obtaining the [access token](https://docs.liquidcommerce.cloud/authentication-api-integration/get-access-token), include it in the `Authorization` header of subsequent API calls to other LiquidCommerce services.

```
Authorization: Bearer <YOUR_ACCESS_TOKEN>
```

### Token Lifecycle

1. Initial Authentication: Exchange API key for access token
2. Token Usage: Include token in Authorization header
3. Token Refresh: Use refresh mechanism before expiration
4. Token Invalidation: Automatic expiry

### Access Token Refresh

All API endpoints that require authentication now support token refreshing. This is done by including a `refresh` parameter in the request body.

#### Request Body Parameter

<table><thead><tr><th width="220">Parameter</th><th width="109">Type</th><th>Description</th></tr></thead><tbody><tr><td><code>refresh</code></td><td>boolean</td><td>When set to <code>true</code>, a new access token will be generated and returned</td></tr></tbody></table>

#### Response

When `refresh` is set to `true`, the API response will include an `auth` object containing the new access token information.

```json
{
    "auth": {
        "token": "<NEW_ACCESS_TOKEN>",
        "type": "ACCESS_TOKEN",
        "exp": 1722920383204
    },
    // ... other response data
}
```

## Error Handling

The API uses standard HTTP response codes to indicate the success or failure of requests. In case of an error, the response body will contain a JSON object with more details about the error.

## Rate Limiting

The Authentication API is subject to rate limiting to ensure fair usage and maintain performance. If you exceed the rate limit, you'll receive a 429 (Too Many Requests) response.

## Best Practices

* Store the access token securely on the client-side.
* Include the `refresh` parameter when making requests close to the token's expiration time.
* Update the stored access token whenever a new one is received in the `auth` object of a response.
* Implement proper error handling for cases where token refresh fails.

## Support

Our dedicated support team is available to assist you with API integration and usage. For any questions or issues, please contact <solutions@liquidapp.co>.