# Authenticating your API calls

Foleon's API is secured with Bearer token authentication, which is a stateless, header-based authentication method where the client presents a pre-issued token to prove its identity.
In order to obtain a Bearer token **you first need to request API credentials**. If you have the Enterprise package you can retrieve these API credentials through our [support](https://www.foleon.com/contact) team, or by contacting your CSM.

### Getting a Bearer token

After retrieving your API credentials (`client_id` and `client_secret`) you can use them to get a Bearer token using a [POST method for the OAuth endpoint](/apis/authentication/obtainoauthtoken) by putting them in the request payload.

Here is an example of a request retrieving a Bearer token in Python:


```python
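import requests

url = "https://api.foleon.com/oauth"

# Placeholder credentials; in real code load them from a secret store or
# environment variables instead of hard-coding them in source.
payload = {
  "grant_type": "client_credentials",
  "client_id": "xxxxx000x0",
  "client_secret": "X0xXx0X0xxX0XxXx0X0Xxx0xXx0xX0Xx0XxX0xX0xxX0XxXx0X0Xxx0xXx0xX0"
}

headers = {"Content-Type": "application/json"}

# A timeout prevents the call from hanging indefinitely.
response = requests.post(url, json=payload, headers=headers, timeout=10)
# Fail loudly on rejected credentials instead of parsing an error body.
response.raise_for_status()

data = response.json()
print(data.get("access_token"))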
```

### Using your Bearer token to authenticate calls

Now that we've obtained a Bearer token, we can send it in the `Authorization` header of our subsequent requests to authenticate them.
For example, here is a call retrieving a Doc object:


```python
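# Continues from the previous snippet: reuses `requests` and the token in `data`.
url = "https://api.foleon.com/v2/magazine/edition/1234567"

headers = {"Authorization": f"Bearer {data.get('access_token')}"}

response = requests.get(url, headers=headers, timeout=10)
# Raises on an HTTP error status, such as a rejected or expired token.
response.raise_for_status()

data = response.json()
print(data)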
```

### Refreshing the token

A Bearer token has a limited lifetime of 1 hour. After the hour passes, the token becomes invalid and a new token needs to be requested using the same [POST method for the OAuth endpoint](/apis/authentication/obtainoauthtoken). Be sure to take this into account when developing applications with longer or indefinite runtimes.
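
One way to handle the one-hour expiry in a long-running client, as an added example that is not Foleon's own code: the cache below requests a token with the same `client_credentials` payload and replaces it shortly before the stated lifetime ends. The environment variable names, the 60-second refresh margin, and the `fetch_token` and `TokenCache` names are assumptions made for this example.

```python
import json
import os
import time
import urllib.request

OAUTH_URL = "https://api.foleon.com/oauth"  # endpoint from this page
TOKEN_LIFETIME = 3600   # seconds; the 1-hour lifetime stated on this page
REFRESH_MARGIN = 60     # assumption: renew one minute before expiry


def fetch_token():
    """Request a new Bearer token with the client_credentials grant."""
    payload = {
        "grant_type": "client_credentials",
        # Assumed environment variable names; keeps secrets out of source.
        "client_id": os.environ["FOLEON_CLIENT_ID"],
        "client_secret": os.environ["FOLEON_CLIENT_SECRET"],
    }
    req = urllib.request.Request(  # a request with a body is sent as POST
        OAUTH_URL,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


class TokenCache:
    """Caches a token and replaces it shortly before it expires."""

    def __init__(self, fetch=fetch_token, clock=time.monotonic):
        self._fetch = fetch      # injectable so the cache can be tested offline
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def auth_header(self):
        """Return an Authorization header holding a currently valid token."""
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN:
            self._token = self._fetch()
            self._expires_at = now + TOKEN_LIFETIME
        return {"Authorization": f"Bearer {self._token}"}

    def invalidate(self):
        """Drop the cached token, for example if the API rejects it."""
        self._token = None
```

Create one `TokenCache` per process and pass `cache.auth_header()` as the `headers` of each API call, so the token is held in memory only and never written to logs.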