> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fourthwall.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Exchange your channel client credentials for a Channel API access token

<Note>
  The Channel API is invite only. This page is for partners who have already been
  issued a `channel.*` client ID and secret by Fourthwall.

  For access to Channel API as an agency, please contact [support@fourthwall.com](mailto:support@fourthwall.com)

  For access to Channel API as a platform, please contact [platform-partnerships@fourthwall.com](mailto:platform-partnerships@fourthwall.com)
</Note>

Each channel is issued its own OAuth2 client and authenticates with the
**client credentials** grant. For an overview of what the Channel API is for and
the full onboarding flow, see the
[Channel API Integration Guide](/channel/integration-guide).

## 1. Request an access token

Exchange your client ID and secret for a short-lived access token at the
Fourthwall token endpoint. Credentials are sent with the
**client\_secret\_basic** method — that is, as HTTP Basic Auth on the token
request itself, not in the form body.

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST \
    "https://auth.fourthwall.com/auth/realms/Fourthwall/protocol/openid-connect/token" \
    -u "$CHANNEL_CLIENT_ID:$CHANNEL_CLIENT_SECRET" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials"
  ```

  ```javascript JavaScript theme={null}
  const clientId = process.env.CHANNEL_CLIENT_ID;
  const clientSecret = process.env.CHANNEL_CLIENT_SECRET;

  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");

  const res = await fetch(
    "https://auth.fourthwall.com/auth/realms/Fourthwall/protocol/openid-connect/token",
    {
      method: "POST",
      headers: {
        Authorization: `Basic ${basic}`,
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: new URLSearchParams({ grant_type: "client_credentials" }),
    },
  );

  const { access_token } = await res.json();
  ```
</CodeGroup>

<Warning>
  Send the client ID and secret in the `Authorization: Basic` header, not in the
  request body. Submitting them as body parameters returns
  `401 invalid_client`.
</Warning>

The response contains an `access_token` and its `expires_in` lifetime. Tokens
are short-lived — request a new one when the current token expires rather than
caching it indefinitely.

## 2. Call the Channel API

Pass the access token as a **Bearer** token on every Channel API request.

```bash cURL theme={null}
curl "https://api.fourthwall.com/channel-api/v1.0/channel/current" \
  -H "Authorization: Bearer $ACCESS_TOKEN"
```

<Info>
  Use `https://auth.fourthwall.com` and `https://api.fourthwall.com` for
  production. For testing against staging, swap in
  `https://auth.staging.fourthwall.com` and
  `https://api.staging.fourthwall.com`.
</Info>
