# Client ID, Secret ID, and Token Creation

Xoxoday uses bearer authentication, where each request must include an HTTP header that includes your Client ID, Secret ID, and Access Token. The following guide explains how to generate your client ID, secret ID, and access tokens from the admin portal.

## Generating Client ID & Secret Key

### Step 1: Use our [marketplace](https://stores.xoxoday.com/) URL to log in to your plum admin account.

<figure><img src="https://1597622271-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MOeXh7erUO5h_LVpN85%2Fuploads%2FazAk18D409KqSLCCpF9X%2FMarketplace-1.png?alt=media&#x26;token=8348da5f-2e9c-44fe-9295-1ef47a7ae65d" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1597622271-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MOeXh7erUO5h_LVpN85%2Fuploads%2FiPQfrco3OyUiiex55H8H%2FMarketplace-2.png?alt=media&#x26;token=1fd77fbe-c5e1-42b7-a9ee-27bbd203e756" alt=""><figcaption></figcaption></figure>

### Step 2: Generate Client ID

In the next step, Click "**Settings**" tab from the header and select "**API**" on the left panel.

<figure><img src="https://1597622271-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MOeXh7erUO5h_LVpN85%2Fuploads%2FNQVELZ6jyMhKNSFNYFF1%2FClient-ID-Rewards-API.png?alt=media&#x26;token=2936b125-15c8-47a5-a5b9-13bfdf8effe4" alt=""><figcaption></figcaption></figure>

You can now see the "**Reward API**" tab. Click on the "**Generate Client ID**" button.

A pop-up will appear showing the scope of Integration i.e Plum PRO API, click on the Save button.

<figure><img src="https://1597622271-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MOeXh7erUO5h_LVpN85%2Fuploads%2FbYNAI7qUHbwlkgJhHITH%2FPlum-PRO-Pop-up-2.png?alt=media&#x26;token=4a84bd37-7da9-4f3f-93a0-5d6a54c824de" alt=""><figcaption></figcaption></figure>

You will now be able to find **Client ID** and **Secret ID** on the dashboard as shown below.

<figure><img src="https://1597622271-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MOeXh7erUO5h_LVpN85%2Fuploads%2F1w5S02118843atBdk1KH%2FClient-ID-Secret-ID-Dashboard.png?alt=media&#x26;token=35d5fcb5-f33d-4df7-8dc2-0a5dddd0ba49" alt=""><figcaption></figcaption></figure>

### Step 3: Generating Access & Refresh token

Now you have the client id and secret key, you can generate both the access and refresh token by clicking on the " **Generate Token**" button.

<figure><img src="https://1597622271-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MOeXh7erUO5h_LVpN85%2Fuploads%2FUdHogxdArRz0tjDZlcOm%2FGenerate-New-Tokens.png?alt=media&#x26;token=7257e3df-b0ef-4601-bd76-59f1bf680d97" alt=""><figcaption></figcaption></figure>

**You can copy the newly generated tokens for further use.**

<figure><img src="https://1597622271-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MOeXh7erUO5h_LVpN85%2Fuploads%2FxquH3zxb4E8BniqDSn5S%2FCopy-Token-Details.png?alt=media&#x26;token=72b00a71-9809-467a-9c39-a48cbf24e4f0" alt=""><figcaption></figcaption></figure>

**Note: Once you have both the token, you can manage your tokens via these** [**steps**](https://xoxoday.gitbook.io/plum/developer-resources/overview-of-reward_api/api-endpoints-1/authentication/token-management)

**PLEASE NOTE:**

OAUTH\_URL value for\
**Development -** [ **https://stagingaccount.xoxoday.com/chef**](https://stagingaccount.xoxoday.com/chef)

**Production -** [**https://accounts.xoxoday.com/chef**](https://accounts.xoxoday.com/chef)\
\ <br>