> ## Documentation Index
> Fetch the complete documentation index at: https://developer.payrollintegrations.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Authentication Token

> Generate a new auth token and session for the user

Exchanges client credentials (client ID and client secret) for an access token using HTTP Basic Authentication. The client ID is used as the username and the client secret as the password, encoded as Base64 in the format: Basic base64(clientId:clientSecret).

Authorization is done using the “Basic” format within the “Authorization” header. Assuming client id is “[sean@example.com](mailto:sean@example.com)” and client secret is “MyVeryCoolSecretPleaseDontSteal”, the format of the unencoded string is as follows:

```
sean@example.com:MyVeryCoolSecretPleaseDontSteal
```

Then base64 encode the string (in javascript this is [Window: btoa() method - Web APIs | MDN](https://developer.mozilla.org/en-US/docs/Web/API/Window/btoa "Window: btoa() | MDN")) to get the following:

```
c2VhbkBleGFtcGxlLmNvbTpNeVZlcnlDb29sU2VjcmV0UGxlYXNlRG9udFN0ZWFs
```

This can be done in the browser console with the methods `btoa()` and `atob()` to confirm these values during testing.

```
> btoa('sean@example.com:MyVeryCoolSecretPleaseDontSteal')
'c2VhbkBleGFtcGxlLmNvbTpNeVZlcnlDb29sU2VjcmVOUGxLYXNIRG9udFNOZWFs'
```

```
> atob('c2VhbkBleGFtcG×lLmNvbTpNeVZlcnlDb29sU2VjcmV0UGxlYXNIRG9udFNZWFs')
'sean@example.com:MyVeryCoolSecretPleaseDontSteal'
```


## OpenAPI

````yaml POST /v1/auth/token
openapi: 3.1.0
info:
  title: Payroll Integrations Public API
  description: Public API for Payroll Integrations platform
  version: '2025-10-28T20:05:03Z'
  license:
    name: MIT
servers:
  - url: https://api.payrollintegrationsapp.com
    description: Prod environment
  - url: https://demo1-api.payrollintegrationsdemo.com
    description: Demo environment
  - url: https://demo2-api.payrollintegrationsdemo.com
    description: Demo environment
  - url: https://demo3-api.payrollintegrationsdemo.com
    description: Demo environment
security:
  - bearerAuth: []
paths:
  /v1/auth/token:
    post:
      tags:
        - Authentication
      summary: Get authentication token
      description: Generate a new auth token and session for the user
      operationId: getAuthToken
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthTokenRequest'
      responses:
        '200':
          description: Authentication response with access token
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthResponse'
              example:
                accessToken: >-
                  eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
                expiresIn: 3600
                tokenType: Bearer
        '400':
          description: Bad Request - Unsupported grant type
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '401':
          description: Unauthorized - Invalid credentials or authentication failure
          headers:
            WWW-Authenticate:
              schema:
                type: string
                example: Basic
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - basicAuth: []
components:
  schemas:
    AuthTokenRequest:
      type: object
      required:
        - grantType
      properties:
        grantType:
          type: string
          description: OAuth2 grant type
          enum:
            - client_credentials
    AuthResponse:
      type: object
      required:
        - accessToken
        - expiresIn
        - tokenType
      properties:
        accessToken:
          type: string
          description: JWT access token
        expiresIn:
          type: number
          description: >-
            Token expiration time in seconds. Currently all tokens generated
            last 15 minutes.
        tokenType:
          type: string
          description: Type of the token
          enum:
            - Bearer
    Error:
      type: object
      required:
        - message
      properties:
        message:
          type: string
          description: Error message describing what went wrong
        errors:
          type: array
          description: Optional array of detailed error messages
          items:
            type: string

````