= Authentication =
There are two kinds of tokens, long life tokens which have read only access, and refresh tokens which generate tokens that can read and make changes.
To use most API endpoints you will need to include a token header.
'''Step 1: Get an invite code'''== Invite codes and refresh tokens ==
'''Step 1: Get an invite code or long life token''' Invite codes and long life tokens can be generated here [https://beds24.com/control3.php?pagetype=apiv2 Invite Codes]
For more information about invite codes, [[API_V2.0#Invite_codes|see here]].
This step is the only one that must be done manually, all other steps can be performed and automated programmatically.
'''Step 2: Get If using an invite code, get a refresh token using the invite code''' Skip this step if using a long life token
You can use the invite code generated in step one with GET /authentication/setup.
This will return a ''token'' and a ''refresh token''.
<span style="color:#019cde; font-size: 150%;“ >{{#fas:info-circle}} </span> ''Tokens'' generated from refresh tokens expire after 24 hours.
'''Step 3: Use the token to authenticate calls'''
The ''token'' returned in step 2 (either a long life token or a token generated using a refresh token) can be included as a header to authenticate calls to other API endpoints. <span style="color:#019cde; font-size: 150%;“ >{{#fas:info-circle}} </span> ''Tokens'' expire after 24 hours.
'''Step 4: Use the refresh token to generate new tokens'''
==How long do invite codes/tokens last?==
Invite codes expire after 15 minutes24 hours.
Refresh tokens last forever so long as they are being used. Unused refresh tokens expire after 30 days.
Long life tokens last forever so long as they are being used. Unused long life tokens expire after 90 days. Tokens generated from refresh tokens expire after 24 hours.
==How big are tokens?==