> ## Documentation Index > Fetch the complete documentation index at: https://docs.paysway.io/llms.txt > Use this file to discover all available pages before exploring further. # Authentication Our API uses **M2M clients** to authenticate your application. Each M2M client has a `client_id` and `client_secret`, and uses the OAuth2 client credentials flow to obtain a short-lived access token. ## Get your credentials Create and manage M2M clients in the [Dashboard](https://dashboard.paysway.io/settings/api). No dashboard access yet? Contact us directly or get started [here](https://paysway.io/get-started). ## Obtain an access token **POST /oauth2/token** Must be `application/x-www-form-urlencoded`. Must be `client_credentials`. Your M2M client ID. Your M2M client secret. ```shell Request theme={null} curl --request POST \ --url 'https://api.paysway.dev/oauth2/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials \ --data client_id=YOUR_CLIENT_ID \ --data client_secret=YOUR_CLIENT_SECRET ``` ```json Response theme={null} { "access_token": "ACCESS_TOKEN", "token_type": "Bearer", "expires_in": 3600 } ``` ## Use the token Include the token in the `Authorization` header of every API request: `Bearer YOUR_ACCESS_TOKEN` ```shell theme={null} curl --request POST \ --url https://api.paysway.dev/payments/validations \ --header 'Authorization: Bearer YOUR_ACCESS_TOKEN' ``` Tokens expire after 3600 seconds. If you receive a `401 Unauthorized`, request a new token. Consider refreshing proactively before expiry to avoid interruptions.