
# Authentication

> Learn how to authenticate your API requests

## Overview

The API uses OAuth 2.0 for authentication with JWT tokens. We support two authentication flows:

1. **Authorization Code Flow** - For web applications with users
2. **Client Credentials Flow** - For machine-to-machine API access

## Getting Started

### 1. Obtain API Credentials

Log in to the platform and navigate to the API Settings section to:

* Register your application
* Get your Client ID and Client Secret
* Configure your OAuth redirect URLs

### 2. Choose Authentication Flow

#### For Web Applications (Authorization Code Flow)

Best for apps where a user is present:

1. Direct users to our authorization endpoint
2. Exchange the authorization code for tokens
3. Use the access token to make API requests
4. Refresh tokens when needed

#### For Machine-to-Machine APIs (Client Credentials Flow)

Simplified flow for server-side applications:

1. Get an access token directly using client credentials
2. Use the access token to make API requests

### 3. Making Authenticated Requests

Include the access token in all API requests:

```text
Authorization: Bearer your_access_token
```

## Security Best Practices

* Store client secrets securely
* Use HTTPS for all API requests
* Implement proper token validation
* Rotate refresh tokens (handled automatically)
* Request only necessary scopes
* Validate token expiration
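
The following is an added example, not code from the platform or its guides, showing the HTTPS and token-expiration items above applied on the client side of the Client Credentials flow: it caches the JWT access token, refreshes it shortly before `exp`, and refuses to attach it to a non-HTTPS URL. `fetch_token` is a hypothetical callable standing in for the token request (this page does not give the endpoint), and the sample token and `api.example.invalid` URL are constructed.

```python
import base64
import json
import time
from urllib.parse import urlsplit


def jwt_exp(token):
    # Reads `exp` from the JWT payload WITHOUT verifying the signature:
    # good enough to schedule a refresh, never a reason to trust the token.
    try:
        part = token.split(".")[1]
        payload = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
        return float(payload["exp"])
    except (IndexError, KeyError, TypeError, ValueError):
        raise ValueError("access token is not a JWT with an exp claim") from None


class BearerTokenCache:
    def __init__(self, fetch_token, skew=30, clock=time.time):
        self._fetch = fetch_token  # hypothetical: returns a fresh access token string
        self._skew = skew          # refresh this many seconds before exp
        self._clock = clock
        self._token, self._exp = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._exp - self._skew:
            fresh = self._fetch()
            exp = jwt_exp(fresh)
            if exp <= self._clock():
                raise ValueError("token endpoint returned an expired token")
            self._token, self._exp = fresh, exp
        return self._token

    def headers_for(self, url):
        # A bearer token is usable by anyone who reads it off the wire.
        if urlsplit(url).scheme.lower() != "https":
            raise ValueError("refusing to send bearer token to a non-HTTPS URL")
        return {"Authorization": "Bearer " + self.token()}


def make_sample_jwt(exp):
    """Constructed sample token with a placeholder signature (not a credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"exp": exp}), "c2ln"])


if __name__ == "__main__":
    cache = BearerTokenCache(lambda: make_sample_jwt(time.time() + 300))
    print(cache.headers_for("https://api.example.invalid/v1/resource"))
```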

For detailed implementation guides and examples, see the [detailed authentication guides](/api-reference/endpoint/authentication/guide).
