> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pipevest.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

### OAuth 2.0

All API endpoints are authenticated using [OAuth 2.0](https://oauth.net/2/) standards. A client Id and client secret
must be exchanged for a shortlived access token. This access token is then used to authenticate further requests.

### Auth Flow Diagram

The following diagram illustrates the authentication flow with Pipevest.

<img className="block dark:hidden" height="200" src="https://mintcdn.com/pipevest/l6kPGYU9W55pgekc/images/auth-flow.png?fit=max&auto=format&n=l6kPGYU9W55pgekc&q=85&s=0c7bee23d58e6dc5b060458125df0082" data-path="images/auth-flow.png" />

<img className="hidden dark:block" height="200" src="https://mintcdn.com/pipevest/l6kPGYU9W55pgekc/images/auth-flow-dark.png?fit=max&auto=format&n=l6kPGYU9W55pgekc&q=85&s=c21716ca26861a44478d54b28f2978ce" data-path="images/auth-flow-dark.png" />

### Usage

<Steps>
  <Step title="Access Token Request">
    ```bash theme={null}
      curl --request POST \
        --url https://api.pipevest.com/v1/oauth/token \
        --header 'Content-Digest: sha-512=:RK/0qy18MlBSVnWgjwz6lZEWjP/lF5HF9bvEF8FabDg=:' \
        --header 'Content-Length: 18' \
        --header 'Content-Type: application/x-www-form-urlencoded' \
        --header 'Signature: ...' \
        --header 'Signature-Input: ...' \
        --data 'clientId=<client-id>'
        --data 'clientSecret=<client-secret>'
    ```
  </Step>

  <Step title="Authenticate Requests with Token">
    <Tip>The access token is passed into the authorization header as a bearer token</Tip>

    ```bash theme={null}
      curl --request GET \
        --url https://api.pipevest.com/v1/customers \
        --header 'Signature: ...' \
        --header 'Signature-Input: ...' \
        --header 'Authorization: Bearer <access-token>' \
        --header 'X-Client-Id: <client-id>' \
    ```
  </Step>
</Steps>

### Scopes

<Note>
  Granular scopes are yet to be implemented. All tokens are scoped to have both
  `READ` and `WRITE` permissions
</Note>

| Name    | Permission                        | Status   |
| ------- | --------------------------------- | -------- |
| `read`  | Read access across all resources  | `ACTIVE` |
| `write` | Write access across all resources | `ACTIVE` |

<Card title="HTTP Signatures" icon="file-signature" href="/concepts/http-signature/overview" horizontal>
  Learn how to use HTTP signatures to improve API integrity
</Card>
