> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mention-me.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Understand how to authenticate with the API and make your first authenticated request.

Welcome to the Authentication Guide for Mention Me.

# Getting started

By the end of this Getting Started guide for authentication, you will have:

* [Created a new API key](/api-reference/authentication/create-api-key)
* [Retrieved an authentication token using the API key](/api-reference/authentication/access-token)
* [Made your first authenticated request to get a customer](/api-reference/merchant-api/first-request)

<Info>
  ### Access

  You'll need to have a Mention Me account already set up to use this API. If you don't have access, please contact your account manager.

  Creating and managing API keys requires the **Administrator** role. If you don't have this role, contact an administrator within your organisation. See [User Management](/knowledge/security/account/user-management) for details.
</Info>

# Client Credentials Flow Diagram

Before diving into the details, let's walk through the OAuth2 client credentials flow. Understanding this flow is crucial for a smooth authentication experience.

1. **Key Generation**: Obtain **client credentials** (client ID and client secret) by registering your application on our developer portal in the Mention Me platform.
2. **Authentication Request**: Your application sends a request to our authorization server (the `/oauth/token` endpoint) with the **client credentials**. Upon successful authentication, the authorization server issues an **access token**, valid for one hour.
3. **API Requests**: Use the **access token** to make authorized requests to our API.

Steps (2) and (3) are shown in the following diagram:

```mermaid theme={null}
sequenceDiagram
    participant Client
    participant /oauth/token
    participant MerchantAPI

    Client->>/oauth/token: Request token using "client_credentials" OAuth flow
    /oauth/token-->>Client: Authentication access token (JWT) returned
    Client->>MerchantAPI: Request to get a customer, with JWT in header
    MerchantAPI-->>Client: Customer returned (if scopes allowed)
```

# Token Expiration Management

The **access token** provided will last for **1 hour**.

You should implement a mechanism to refresh tokens when they expire to ensure uninterrupted access.

## Next steps

<Card title="Create an API key" icon="key" href="/api-reference/authentication/create-api-key">
  Set up your first API key to start making authenticated requests.
</Card>