# Authentication

## Generate a JWT Token

- [POST /accountmanager.getjsonwebtoken](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/user-admin/post-accountmanager.getjsonwebtoken.md): Generates and returns a non-expiring JSON Web Token for the authenticated user. The scope of the token can be restricted by a list of permissions. Used for integration purposes.

>Information:
>The request header must contain real credentials (i.e. not just a session cookie).

## Generate a JWT Token (time limited)

- [POST /accountmanager.getjsonwebtoken/{minutes}](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/user-admin/post-accountmanager.getjsonwebtoken-minutes.md): Generates and returns an expiring JSON Web Token for the authenticated user. Used for integration purposes.

>Information:
>The request header must contain real credentials (i.e. not just a session cookie).

## Get a One Time Token

- [POST /accountmanager.getonetimetoken](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/user-admin/post-accountmanager.getonetimetoken.md): Generates a one-time auth token (for the authenticated user). The token can be, for example, sent via a URL GET parameter.

## Generate a JWT Token

- [POST /accountmanager.getjsonwebtoken](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/post-accountmanager.getjsonwebtoken.md): Generates and returns a non-expiring JSON Web Token for the authenticated user. The scope of the token can be restricted by a list of permissions. Used for integration purposes.

>Information:
>The request header must contain real credentials (i.e. not just a session cookie).

## Generate a JWT Token (time limited)

- [POST /accountmanager.getjsonwebtoken/{minutes}](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/post-accountmanager.getjsonwebtoken-minutes.md): Generates and returns an expiring JSON Web Token for the authenticated user. Used for integration purposes.

>Information:
>The request header must contain real credentials (i.e. not just a session cookie).

## Get a One Time Token

- [POST /accountmanager.getonetimetoken](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/post-accountmanager.getonetimetoken.md): Generates a one-time auth token (for the authenticated user). The token can be, for example, sent via a URL GET parameter.

## Get an Authentication Token (API V2 only)

- [POST /token](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/post-token.md): Retrieves the access token, token type and the refresh token.

## Delete an Authentication Token (API V2 only)

- [DELETE /token](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/delete-token.md): Invalidates an access token.

## Refresh an Authentication Token (API V2 only)

- [POST /token/refresh](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/post-token-refresh.md): Retrieves a new access token, token type, the refresh token, and expiration time.

## User Login (V1)

- [GET /login/extended](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/get-login.md): Authenticates a user. When the user is authenticated, the logged-in user's details (including all roles and permissions) are returned in the response body. This endpoint does not perform a CSRF check, because the user is authenticated using basic HTTP auth.

## Authenticate with SAML

- [POST /saml/signon](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/post-saml-signon.md): Redirects to the Identity Provider (IdP) for authentication.

## OAuth Authorization Request

- [POST /oauth/authorize](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/post-oauth-authorize.md): The authorization endpoint is used to interact with the resource owner and obtain an authorization grant. See https://datatracker.ietf.org/doc/html/rfc6749#section-3.1 for details. At the end of the flow, it will send a code value back to/via the redirection URL specified in the client’s config and initial request (as they need to be the same).

## Access Token Request

- [POST /oauth/token](https://api.pricefx.com/openapi/reference/pricefx-server_openapi/authentication/post-oauth-token.md): Request to obtain the access token in the OAuth authorization process. See https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3 for details.