# Authenticate using API token

Authenticates using an account (tenant) or user API token. Obtain your clientId and secret from Admin Portal → API Tokens, then provide them in the request body. Send the request to your Frontegg environment (e.g., https://.frontegg.com).

Note: By default, this endpoint enforces refresh token rotation. Each API token is limited to 100 active refresh tokens. When authenticating with the same API token for the 101st time, the oldest refresh token is automatically invalidated.

Use this endpoint to securely authenticate automated services, back-end clients, or integrations that rely on static credentials.

Endpoint: POST /resources/auth/v2/api-token
Security: bearer

## Request fields (application/json):

  - `clientId` (string, required)

  - `secret` (string, required)

## Response 200 fields (application/json):

  - `access_token` (string, required)

  - `refresh_token` (string, required)

  - `expires_in` (number, required)

  - `expires` (string, required)