# Authentication To authenticate on each endpoint is very simple. Just insert you token on the "Authorization" header and x-company-id **Example** ``` 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer c7f35c84-7893-4087-b4fb-d1f06c23 ', 'x-company-id': '' }, ``` {% hint style="warning" %} Remember to change the ficction token *c7f35c84-7893-4087-b4fb-d1f06c23* for your valid token. {% endhint %} ## **Get Authorization token** This endpoint is used to authenticate the company. Upon successful execution, it returns a status code of `200` along with a token in the response body. ### Create token `POST` This endpoint is used to authenticate company on Elyssa App and return token to use API. The token it's validate for 24 hr, after that time, you need use refresh token to generate a new token. {% hint style="warning" %} The refresh token it's validate for 360 days {% endhint %} #### Request Body | Name | Type | Description | | ------------------------------------------- | ------ | ----------- | | companyId\* | String | companyId | {% tabs %} {% tab title="200: OK Authentication token" %} ```json { "accessToken": "eyJhbGciOiJIInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI1NjQxMjMzNS1hMzVjLTRmYWQtYmExYy03NmEzMDY4MzAxYjUiLCJ1c2VybmFtZSI6ImFkbWluQGVseXNzYS5hcHAiLCJyb2xlIjoiVVNFUiIsIm9yZ2FuaXphdGltNGUwZC00ZjJmLWJlOTctMjZlMzU1Nzc4MzdmIiwiaWF0IjoxNzA1Njc5ODIyLCJuYmYiOjE3MDU2Nzk4MjIsImV4cCI6MTcwNTY4MzQyMiwiYXVkIjoiREFQVEFfzcyI6IkRBUFRBX0FVVEgifQ.iIo0ruJOZM8mdAYFbh1IHQaJBXRBlYzuTFBQ", "refreshToken": "eyJhbGciOiJIInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI1NjQxMjMzNS1hMzVjLTRmYWQtYmExYy03NmEzMDY4MzAxYjUiLCJ1c2VybmFtZSI6ImFkbWluQGVseXNzYS5hcHAiLCJyb2xlIjoiVVNFUiIsIm9yZ2FuaXphdGltNGUwZC00ZjJmLWJlOTctMjZlMzU1Nzc4MzdmIiwiaWF0IjoxNzA1Njc5ODIyLCJuYmYiOjE3MDU2Nzk4MjIsImV4cCI6MTcwNTY4MzQyMiwiYXVkIjoiREFQVEFfzcyI6IkRBUFRBX0FVVEgifQ.iIo0ruJOZM8mdAYFbh1IHQaJBXRBlYzuTFBQ" } ``` {% endtab %} {% tab title="401: Unauthorized " %} {% endtab %} {% endtabs %} {% hint style="info" %} If you try to access any endpoint **without entering the "Authorization" header**, or enter an invalid api\_token, you will receive a response with **status 401 (Unauthorized).** {% endhint %} ### Refresh Token `POST` This endpoint is used to authenticate and generate a new token #### Request Body | Name | Type | Description | | ----------------------------------------- | ------ | ------------ | | refresh\* | String | refreshToken | {% tabs %} {% tab title="200: OK Authentication token" %} ```json { "accessToken": "eyJhbGciOiJIInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI1NjQxMjMzNS1hMzVjLTRmYWQtYmExYy03NmEzMDY4MzAxYjUiLCJ1c2VybmFtZSI6ImFkbWluQGVseXNzYS5hcHAiLCJyb2xlIjoiVVNFUiIsIm9yZ2FuaXphdGltNGUwZC00ZjJmLWJlOTctMjZlMzU1Nzc4MzdmIiwiaWF0IjoxNzA1Njc5ODIyLCJuYmYiOjE3MDU2Nzk4MjIsImV4cCI6MTcwNTY4MzQyMiwiYXVkIjoiREFQVEFfzcyI6IkRBUFRBX0FVVEgifQ.iIo0ruJOZM8mdAYFbh1IHQaJBXRBlYzuTFBQ", } ``` {% endtab %} {% tab title="401: Unauthorized " %} {% endtab %} {% endtabs %} {% hint style="warning" %} Remember, the access token is validate for 24 hrs {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://elyssa-app.gitbook.io/api-docs/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.