# Access Token (API Key)

**Initial Setup and Admin Authentication**

1. **Admin Creation**:
   * Navigate to the Admin Panel.
   * Go to **Settings -> Admin**.
   * Choose the admin you want to generate an Access Token for.
   * Click on **Generate new key**.
   * Set the key name and optionally set the expiration date.
   * Copy the API key and save it. **You will not be able to access the key upon closing the window.**
2. **Using the Access Token**:

   * After the initial setup, you can authenticate API requests using the Access Token either through headers or a query parameter.

   **Authentication Using Headers**

   * To authenticate via headers, you can use a `curl` command like the following:

     <pre class="language-json" data-full-width="true"><code class="lang-json">curl -L http://your-env-url/api/{storeCode}/member \
         -X "GET" -H "Accept: application/json" \
         -H "X-AUTH-TOKEN: customPermanentToken"
     </code></pre>

***

### Maintaining Authentication State

The Access Token (API Key) generated during the initial admin setup never expires unless an expiration date is set. This is particularly useful for scenarios that require long-term access without frequent re-authentication.

***

### Best Practices

* **Token Security**: Always store the Permanent User Token securely and avoid exposing it in client-side code.
* **Regular Audits**: Conduct regular audits of API Key usage to detect any unauthorized access or anomalies in API requests.
* **Secure Storage**: Store the API Key in a secure environment, such as an encrypted database or a secure vault solution, to prevent exposure to potential threats.
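
The header-based request from "Using the Access Token", combined with the storage advice above, as an added example that is not part of the Open Loyalty documentation. It feeds the `X-AUTH-TOKEN` header to `curl` through `--config -` on stdin so the key never appears in the process argument list or shell history. The function names and the variables `OL_API_TOKEN`, `OL_BASE_URL` and `OL_STORE_CODE` are assumptions, to be filled from your vault or secret manager.

```bash
#!/bin/sh
# Added example: helper and variable names are hypothetical, not Open Loyalty's.

# Print a curl config (for `curl --config -`) carrying the auth header.
# Returns 1 without printing anything if the key is missing or malformed.
ol_curl_config() {
    if [ -z "${OL_API_TOKEN:-}" ]; then
        echo "OL_API_TOKEN is not set" >&2
        return 1
    fi
    # Whitespace or control characters (CR/LF) would allow a second header to
    # be smuggled in; quotes and backslashes would break the config quoting.
    case "$OL_API_TOKEN" in
        *[[:space:][:cntrl:]]*|*\"*|*\\*)
            echo "OL_API_TOKEN contains illegal characters" >&2
            return 1 ;;
    esac
    printf 'header = "Accept: application/json"\n'
    printf 'header = "X-AUTH-TOKEN: %s"\n' "$OL_API_TOKEN"
}

# GET /api/{storeCode}/member, the same request as the curl example on this page.
ol_get_members() {
    : "${OL_BASE_URL:?set OL_BASE_URL}" "${OL_STORE_CODE:?set OL_STORE_CODE}"
    # Build the config first so a bad key aborts instead of sending an
    # unauthenticated request.
    _ol_cfg=$(ol_curl_config) || return 1
    # printf is a shell builtin, so the key is not exposed in argv here either.
    printf '%s\n' "$_ol_cfg" |
        curl --fail --silent --show-error --location --config - \
             --request GET "${OL_BASE_URL}/api/${OL_STORE_CODE}/member"
    _ol_rc=$?
    unset _ol_cfg
    return "$_ol_rc"
}
```

Sending the key in the header rather than as a query parameter also keeps it out of URLs, which are commonly written to proxy and web server access logs.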

***

{% hint style="success" %}
For additional details and best practices, you should consult the official OpenLoyalty API documentation (<https://apidocs.openloyalty.io/>), as it will provide the most accurate and up-to-date information, including any recent changes to the API, security advisories, and detailed endpoint descriptions.
{% endhint %}

