---
title: API Authentication | Crewkerne Timebank
description: Exchange your client credentials for a short-lived bearer token, then attach it to every request as Authorization: Bearer <token>.
canonical: https://app.project-nexus.ie/crewkerne-timebank/developers/auth
generated: 2026-05-20T15:34:08.794Z
---### 1. Get client credentials

Your community admin provisions a client_id and client_secret in the admin console. The secret is shown only once at creation time.

### 2. Exchange for a token

POST your credentials to /api/partner/v1/oauth/token. The response includes access_token, expires_in (3600s), and granted scope.

### 3. Call the API

Attach the token to the Authorization header. Tokens are scoped — the API will return 403 insufficient_scope if you exceed your grant.

curl example JavaScript example

```
# 1. Exchange credentials for an access token
curl -X POST https://api.project-nexus.ie/api/partner/v1/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "pk_xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "client_secret": "sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "scope": "users.read wallet.read"
  }'

# 2. Use the token on subsequent calls
curl https://api.project-nexus.ie/api/partner/v1/users \
  -H "Authorization: Bearer at_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```