> ## Documentation Index
> Fetch the complete documentation index at: https://developer.fabric.inc/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication in Dropship

When integrating with fabric APIs, you must authenticate daily before making any API requests. Authentication establishes the necessary access to retrieve and send data.

If you encounter the error below, this means authentication hasn't been completed.

```json theme={null}
401: {"detail":"Authentication credentials were not provided."}
```

To resolve this, you must successfully authenticate before making any further API calls.

## Getting an Access Token

API clients are required to have both a `client_id` and `client_secret` to generate an authentication token. The following steps outline how to get your required credentials.

1. Log in to fabric Dropship.

2. In the top navigation, click **Merchant or Supplier Settings** from the merchant/supplier dropdown. The dropdown will match your merchant/supplier name.

   The **Merchant or Supplier Settings** page is displayed.

3. Click **API Clients**.

   The **API Clients** page is displayed with a list of all your active API clients.

4. Click **Add API Client**.

   The **Create API Client** window is displayed.

5. In the **Client Name** field, enter a client name.

   This name will be used to differentiate each of your API clients. You can have multiple API clients as needed.

6. Click **Create Client**

   The API client is created and appears in the **API Clients** table.

7. Click the name of the API client you just created.

   The **Client Credentials** page is displayed. On this page you can see an **Authentication URL** used to generate a token, your **API URL**, **Retailer ID or Brand ID**, and `client_id`. The **Retailer ID or Brand ID** is used in most API calls as a required path parameter depending on if you are using merchant or brand API endpoints.

8. In the **Client Secret** field, click **Get Client Secret**.

   The **API Secret** window is displayed with a warning message.

<Note> You will only be able to see your API secret once. If you lose it, you will have to generate a new set of credentials. </Note>

9. Click **Show API Secret**.

   The **API Secret** is displayed, save this secret somewhere secure. This is used as the `client_secret`. You now have the credentials needed to generate an access token.

10. To obtain an access token, you must authenticate using the **Client Credentials** grant type. The request body should be *x-www-form-urlencoded* as shown below.

```bash theme={null}
curl --location --request POST 'https://marketplace-api.fabric.inc/auth/token/'  
--header 'accept: application/json'  
--header 'cache-control: no-cache'  
--header 'content-type: application/x-www-form-urlencoded'  
--data-urlencode 'grant_type=client_credentials'    
--data-urlencode 'client_id={{clientId}}'  
--data-urlencode 'client_secret={{clientSecret}}'
```

The following JSON response is returned:

```json theme={null}
HTTP/1.1 200 OK
{
  "access_token": "0oW0r4m1pjIlb5UJujZA5iVuse0XSn",
  "token_type": "Bearer",
  "expires_in": 36000,
  "scope": "read write"
}

```

After an access token has been obtained, you can make requests to protected endpoints by including your access token in the **Authorization** header.
