# Authentication for Vyafac API Authentication is essential for securing access to the Vyafac API. This guide explains how to properly authenticate your requests and manage your access tokens. ## Bearer Token Authentication Vyafac API uses Bearer token authentication for all API requests. Every request to the API must include a valid token in the `Authorization` header. ```bash Authorization: Bearer sk_live_your_api_key ``` Requests without proper authentication or with invalid tokens will be rejected with a 401 Unauthorized response. ## Obtaining an Access Token To acquire a Bearer Token for API authentication, follow these steps: 1. **Go to the Vyafac Developer Portal**: Navigate to the official Vyafac Developer Portal through their website. 2. **Access Developer Settings**: Locate and enter the Developer Settings section where token management options are available. 3. **Generate a New Token**: Create a new API token with the appropriate permissions for your integration needs. 4. **Download and Store Securely**: After creation, download your token and store it in a secure location. Note that tokens are only displayed once for security reasons. ## Token Expiration and Management - **Expiration Period**: Each token has a specific expiration date that is established when the token is created. - **Token Renewal**: Once a token expires, you must generate a new one to maintain API access. ## Authorization Errors When a request attempts to access resources outside the user's permitted scope, or when authentication fails, Vyafac API returns an Unauthorized error response: ```json { "status": "error", "message": "Unauthorized", "meta": null, "data": null, "errors": [], "code": 401, "timestamp": "2025-02-26T10:38:19+00:00", "version": "1.0.0" } ``` ## Security Best Practices - Never expose your API tokens in client-side code - Implement token rotation for enhanced security - Use environment variables to store tokens in your applications ## Next Steps After successfully authenticating with the API, you can proceed to make requests to the various endpoints available in the Vyafac API.