# OAuth 2.0 authentication

Achieve more secure API authentication with OAuth 2.0 **access tokens**.

Access tokens are *short lived*. Typically, they will only last **one hour**. This is done to keep your data (and ours) safer.

In exchanging credentials, you'll get a long string called an **access token**. This access token will serve as your bearer token in the authorization header of API calls.

**Find your credentials** in the [Sinch Build Dashboard](https://dashboard.sinch.com/settings/access-keys).

There are two pieces of information needed to obtain an access token: the **key ID** and **key secret** corresponding to your project ID.

To get an access token, do the following:

1. Login to the Sinch Build Dashboard to get your [access keys](https://dashboard.sinch.com/settings/access-keys).
2. Click on **Create Access Key** and when prompted, enter a display name, then click **Confirm**.
Not at all. If you have existing credentials saved, feel free to use them.
3. A **Key ID** and **Key Secret** will display. Save the project ID, key ID, and key secret someplace safe.
**The key secret is only viewable at the time of initial creation.**
If you accidentally misplace they key secret, no worries! Create a new key.
4. Using the following curl command, get your access token using the key ID and key secret.

```curl
curl https://auth.sinch.com/oauth2/token \
-d grant_type=client_credentials \
-u YOUR_Key_ID:YOUR_Key_Secret
```
5. You'll see your new access token in the response. Now you're ready to use this token on calls to the API. The access token will be useable for **one hour.**


Short lived
The access token is meant to be short lived for enhanced security. Generate one as often as it is necessary.

## Examples

This example will return the number lookup information for the specified phone number using the [Number Lookup API](/docs/number-lookup-api-v2/getting-started). Replace the `<YOUR_TOKEN_HERE>` with your bearer token (including the angle brackets `<>`). Note that you'll also need your project ID, which is [found in the Build Dashboard](https://dashboard.sinch.com/settings/access-keys).

```shell
curl -i -X POST \
  https://lookup.api.sinch.com/v2/projects/<YOUR_PROJECT_ID_HERE> \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "number": "+1235559988",
    "features": [
      "LineType",
      "SimSwap"
    ]
  }'
```