# Authentication

Operations for generating and managing API tokens

## Generate JWT token

> Generate a JWT token for SDK authentication.\
> \
> \### Authentication\
> \
> This endpoint uses client credentials (not HMAC signature). You must provide:\
> \- \`x-client-id\`: Your project's client ID\
> \- \`x-client-secret\`: Your project's client secret\
> \
> \*\*Important Notes:\*\*\
> \- Tokens expire after the specified duration (default: 1 hour)\
> \- Use this endpoint from your backend to obtain tokens for frontend SDK usage\
> \- Never expose your client secret in client-side code<br>

```json
{"openapi":"3.0.3","info":{"title":"Orda API","version":"1.1.0"},"tags":[{"name":"Authentication","description":"Operations for generating and managing API tokens"}],"servers":[{"url":"https://api.orda.network/v1","description":"Default API path"}],"security":[{"ClientId":[],"Signature":[],"Timestamp":[]}],"components":{"securitySchemes":{"ClientId":{"type":"apiKey","in":"header","name":"x-client-id","description":"Your project client ID from orda dashboard"}},"schemas":{"Error":{"type":"object","properties":{"error":{"type":"string","description":"Error type identifier"},"message":{"type":"string","description":"Human-readable error message"},"correlationId":{"type":"string","description":"Request correlation ID for debugging"}}}}},"paths":{"/tokens":{"post":{"summary":"Generate JWT token","description":"Generate a JWT token for SDK authentication.\n\n### Authentication\n\nThis endpoint uses client credentials (not HMAC signature). You must provide:\n- `x-client-id`: Your project's client ID\n- `x-client-secret`: Your project's client secret\n\n**Important Notes:**\n- Tokens expire after the specified duration (default: 1 hour)\n- Use this endpoint from your backend to obtain tokens for frontend SDK usage\n- Never expose your client secret in client-side code\n","tags":["Authentication"],"parameters":[{"name":"x-client-id","in":"header","required":true,"description":"Your project's client ID","schema":{"type":"string"}},{"name":"x-client-secret","in":"header","required":true,"description":"Your project's client secret","schema":{"type":"string"}}],"requestBody":{"required":false,"content":{"application/json":{"schema":{"type":"object","properties":{"expiresIn":{"type":"integer","minimum":60,"maximum":86400,"default":3600,"description":"Token expiration time in seconds (default 3600 = 1 hour)"},"permissions":{"type":"array","items":{"type":"string","enum":["quotes:read","offramp:read","onramp:read","transactions:read","recipients:read","recipients:write"]},"default":["quotes:read","offramp:read","onramp:read","transactions:read","recipients:read"],"description":"Permissions to grant to the token"}}}}}},"responses":{"200":{"description":"Token generated successfully","content":{"application/json":{"schema":{"type":"object","properties":{"token":{"type":"string","description":"JWT token for SDK authentication"},"expiresAt":{"type":"string","format":"date-time","description":"ISO 8601 timestamp when the token expires"}}}}}},"401":{"description":"Unauthorized - Invalid or missing credentials","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"429":{"description":"Too Many Requests - Rate limit exceeded","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```