Create an API token

The steps in this section can only be performed by users with the Retailer Admin role.

To create an API token for your organisation:

1. From Netstream go to Retailer Settings and, in the API Security section, click Register.

Netstream will display your API registration information

1. Copy the API registration information above into the following HTTP request:

   POST https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token
   
   Host: login.microsoftonline.com
   Content-Type: application/x-www-form-urlencoded
   
   client_id={Application ID}
   &client_secret={Client Secret}
   &scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
   &grant_type=client_credentials
   

2. Check the response. If successful you should receive a JSON payload with an access_token field - this is your JWT token.

   {
       "token_type": "Bearer",
       "expires_in": 3599,
       "ext_expires_in": 3599,
       "access_token": "eyJhbGci..."
   }
   

When your client program wants to access a protected Netstream API endpoint, the user agent should send the JWT, typically in the Authorisation HTTP header using the Bearer schema. The content of the header might look like the following:

`Authorization: Bearer eyJhbGci...`

The server's protected routes will check for a valid JWT in the Authorization header, and if it is present, the user will be allowed to access protected resources.