Get a token
Exchange your API credentials for a **15-minute** bearer token. This is the only endpoint that does not require a token.
Credentials go in the `x-client-id` and `x-api-key` **headers** — there is no request body.
The service operator issues the client id and api key **once**; only a SHA-256 hash of the key is stored, so it cannot be recovered.
Authentication
x-client-idstring
API client id, issued by the service operator. Used only by /auth.
x-api-keystring
API key, issued by the service operator and shown once. Used only by /auth.
Headers
X-Request-Id
Correlation id. Generated if omitted, echoed on every response, and written to the audit log.
Response
OK
result
requestId
Echo of the inbound X-Request-Id, or a generated one.
Errors
401
Unauthorized Error