> For the complete documentation index, see [llms.txt](https://guide.fariaedu.com/integrations-portal/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://guide.fariaedu.com/integrations-portal/managebac/public-rest-apis/v2/authentication.md).

# Authentication

This group refers to endpoints related to authentication.

## Get all Permissions

> Retrieves all resources that the passed authentication token is currently\
> authorized to access. Nomenclature matches the API reference page in settings.\
> \
> This is an API configuration endpoint and does not correspond to a specific frontend page.<br>

```json
{"openapi":"3.0.3","info":{"title":"API V2","version":"v2"},"tags":[{"name":"Authentication","description":"This group refers to endpoints related to authentication."}],"servers":[{"url":"https://api.managebac.com","description":"CA ManageBac API server."},{"url":"https://api.managebac.cn","description":"CN ManageBac API server."},{"url":"https://api.us.managebac.com","description":"US1 ManageBac API server."},{"url":"https://api.managebac.us","description":"US2 ManageBac API server."},{"url":"https://api.managebactest.com","description":"UAT ManageBac API server."},{"url":"https://{Host}","variables":{"Host":{"default":"api.devel.managebac.com","enum":["api.devel.managebac.com","api-faria.devel.managebac.com","api.managebac.dev"]}}}],"security":[{"bearerAuth":[]},{"authTokenQuery":[]},{"authTokenHeader":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","description":"OAuth 2.0 Bearer token obtained via client credentials grant. Pass the token in the Authorization header as `Bearer <token>`."},"authTokenQuery":{"type":"apiKey","name":"auth_token","in":"query","description":"Your V2 API authentication token may be passed in the parameters. To protect your key, use [environment variables](https://cloud.google.com/docs/authentication/api-keys#securing_an_api_key)."},"authTokenHeader":{"type":"apiKey","name":"auth-token","in":"header","description":"Your V2 API authentication token may be passed in the header. To protect your key, use [environment variables](https://cloud.google.com/docs/authentication/api-keys#securing_an_api_key)."}},"schemas":{"AuthPermissionsResponse":{"type":"object","properties":{"permissions":{"type":"array","items":{"type":"string"}}}}}},"paths":{"/v2/auth/permissions":{"get":{"summary":"Get all Permissions","operationId":"listTokenResources","tags":["Authentication"],"description":"Retrieves all resources that the passed authentication token is currently\nauthorized to access. Nomenclature matches the API reference page in settings.\n\nThis is an API configuration endpoint and does not correspond to a specific frontend page.\n","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthPermissionsResponse"}}}}}}}}}
```

## Obtain an Access Token

> Obtain an OAuth 2.0 access token using the Client Credentials grant.\
> Pass your application's \`client\_id\` and \`client\_secret\` along with\
> \`grant\_type=client\_credentials\`. Optionally request a subset of the\
> scopes configured on the application. The returned Bearer token can\
> then be used in the \`Authorization\` header for all other API endpoints.<br>

```json
{"openapi":"3.0.3","info":{"title":"API V2","version":"v2"},"tags":[{"name":"Authentication","description":"This group refers to endpoints related to authentication."}],"servers":[{"url":"https://api.managebac.com","description":"CA ManageBac API server."},{"url":"https://api.managebac.cn","description":"CN ManageBac API server."},{"url":"https://api.us.managebac.com","description":"US1 ManageBac API server."},{"url":"https://api.managebac.us","description":"US2 ManageBac API server."},{"url":"https://api.managebactest.com","description":"UAT ManageBac API server."},{"url":"https://{Host}","variables":{"Host":{"default":"api.devel.managebac.com","enum":["api.devel.managebac.com","api-faria.devel.managebac.com","api.managebac.dev"]}}}],"security":[],"paths":{"/oauth/token":{"post":{"summary":"Obtain an Access Token","operationId":"createOAuthToken","tags":["Authentication"],"description":"Obtain an OAuth 2.0 access token using the Client Credentials grant.\nPass your application's `client_id` and `client_secret` along with\n`grant_type=client_credentials`. Optionally request a subset of the\nscopes configured on the application. The returned Bearer token can\nthen be used in the `Authorization` header for all other API endpoints.\n","parameters":[],"responses":{"200":{"description":"Token issued successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthTokenResponse"}}}},"400":{"description":"Invalid scope requested","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthTokenError"}}}},"401":{"description":"Invalid client credentials","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthTokenError"}}}}},"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthTokenRequest"}}}}}}},"components":{"schemas":{"OAuthTokenResponse":{"type":"object","properties":{"access_token":{"type":"string","description":"The Bearer token (JWT) to use in the Authorization header."},"token_type":{"type":"string","enum":["Bearer"],"description":"Always `Bearer`."},"expires_in":{"type":"integer","description":"Token lifetime in seconds."},"scope":{"type":"string","description":"Space-separated list of granted scopes."},"created_at":{"type":"integer","description":"Token creation timestamp (Unix epoch)."}},"required":["access_token","token_type","expires_in","scope","created_at"]},"OAuthTokenError":{"type":"object","properties":{"error":{"type":"string","description":"Error code."},"error_description":{"type":"string","description":"Human-readable error message."}},"required":["error","error_description"]},"OAuthTokenRequest":{"type":"object","properties":{"grant_type":{"type":"string","enum":["client_credentials"],"description":"The OAuth 2.0 grant type. Only `client_credentials` is supported for server-to-server API access."},"client_id":{"type":"string","description":"The `client_id` (Application ID) of your OAuth application."},"client_secret":{"type":"string","description":"The `client_secret` of your OAuth application."},"scope":{"type":"string","description":"A space-separated list of scopes to request. Must be a subset of the scopes configured on the application. If omitted, all scopes defined on client creation will be granted."}},"required":["grant_type","client_id","client_secret"]}}}}
```
