# Authentication Once an Admin has generated API credentials, as described in [Getting started](/products/stablecoin/api/get-started), the following steps describe how to obtain and use a JSON web token (JWT) to make calls to the Ripple Mint API. ## Step 1: Obtain an access token Use the [Obtain an access token](/products/stablecoin/api/reference/rlusd-openapi#operation/getAccessToken) API operation to get a JSON web token using your API credentials: ``` POST https://api.ripple.com/v2/oauth/token ``` ### Request Here is the structure of the HTTP request: ```http POST /v2/oauth/token HTTP/1.1 Host: api.ripple.com Content-Type: application/x-www-form-urlencoded grant_type=client_credentials &client_id= &client_secret= &audience=urn:ripplexcurrent-prod: ``` ### Response The response contains an access token in the form of a JSON Web Token (JWT). ```json { "access_token": "", "token_type": "Bearer", "expires_in": 3600 } ``` | Field | Description | | --- | --- | | `access_token` | JWT to include in all API requests | | `token_type` | Always `Bearer` | | `expires_in` | Token validity in seconds (1 hour) | Tokens expire after 1 hour. Request a new token before expiry using the same client credentials — no refresh token is issued. > **Note:** Token length varies between requests — do not validate by character length. ### Alternative: Basic Auth Header Instead of passing `client_id` and `client_secret` in the request body, you can send them as a Basic Auth header: ```http POST /v2/oauth/token HTTP/1.1 Host: api.ripple.com Content-Type: application/x-www-form-urlencoded Authorization: Basic grant_type=client_credentials &audience=urn:ripplexcurrent-prod: ``` ## Step 2: Use the Token Include the access token in the `Authorization` header of every API request: ``` Authorization: Bearer ``` ## OAuth Scopes | Scope | Access | | --- | --- | | `rlusd_customers:read` | Read transaction data |