# Get and use an Authorization Token

To gain access to our API, you need a valid token in an [Authorization header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization)![](https://1603615932-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Mb7UCYXOrIqSvqbGTR2%2Fuploads%2Fbdlx8v4ady44WZ7x7y0K%2F16x16_2.png?alt=media\&token=63e63f36-8c7e-4f14-b435-1aabf76a9cdb). The token is granted by our API in exchange for a [Client ID / Client Secret pair](https://docs.certn.co/api/guides/use-the-api). This can also be handled by third party OAuth client libraries.

Example Python request (replace CLIENT\_ID and CLIENT\_SECRET):

{% code fullWidth="false" %}

```python
import requests

data = {
    'grant_type': 'client_credentials',
}

response = requests.post('https://api.certn.co/token/', data=data, auth=('CLIENTID', 'CLIENTSECRET'))
```

{% endcode %}

* Replace `TOKEN` with your API key in the following header:

```python
{ 'Authorization': 'Bearer TOKEN' }
```

{% hint style="info" %}
Include this header in every call to our API, and keep it secure. It is your access key.‌
{% endhint %}

## Token lifespan

Token lifespan is indicated by the `expires_in` parameter returned when a new token is requested. The default value is `36000` seconds (10 hours).