> ## Documentation Index
> Fetch the complete documentation index at: https://docs.standardmetrics.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Setup

<Info>
  All endpoints are paginated and will return a maximum of 100 results per page. See individual endpoints and example responses for more details on pagination parameters. A maximum of 500 requests per minute can be made to our API.
</Info>

## 1. Getting Authenticated

To use our API you will need to make an <a href="/guides/initialsetup">OAuth application (or use an existing one)</a> in the developer settings tab on your Standard Metrics settings page.

Every Standard Metrics API request must be authenticated with a `Bearer Token` in the request header.
`Bearer Tokens` are temporary and can be created using the `client_id` and `client_secret` generated by your <a href="/guides/initialsetup">OAuth application</a>.

There are two ways to exchange your `client_id` and `client_secret` for a valid `Bearer Token` via the `/o/token/` endpoint:

## 2. Retrieving `Bearer Token` Here on the Docs

By going to the <a href="/api-reference/get-oauth-access-token">Get API Access Token</a> page.

1. Hitting `Try it ▶`.
2. Setting the `Authorization.username` field as your `client_id` and the `Authorization.password` field as your `client_secret` and hitting `Send`.

The resulting response will be of the following form:

```bash theme={null}
{
  "access_token": "ACCESS_TOKEN",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "read write"
}
```

Where your Bearer token is the `"access_token"` field. You can copy this token to be used as Bearer authentication in all of your requests. `Bearer Tokens` expire after one hour.

## 3. Retrieving `Bearer Token` Programmatically

Authentication example (with Python):

```python theme={null}
import base64

client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"
credential = f"{client_id}:{client_secret}"
base64.b64encode(credential.encode("utf-8"))
b'ENCODED_CREDENTIAL'
```

You can now exchange this credential for an access token, eg:

```bash theme={null}
curl -X POST \
    -H "Authorization: Basic ENCODED_CREDENTIAL" \
    -H "Cache-Control: no-cache" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    "https://api.standardmetrics.io/o/token/" \
    -d "grant_type=client_credentials"
```

Receiving the following response:

```json theme={null}
{
    "access_token": "YOUR_ACCESS_TOKEN",
    "expires_in": 36000,
    "token_type": "Bearer",
    "scope": "read write"
}
```

## 4. Making requests

<Info>
  When making API requests, you must include your access token in the Authorization header with the "Bearer " prefix. For example:

  ```bash theme={null}
  curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
      "https://api.standardmetrics.io/api/v1/companies/"
  ```
</Info>

When using our docs, paste your `Bearer Token` into the `Authorization` field of any endpoint. Auth tokens persist across your sesion.

After retrieiving a token from the <a href="/api-reference/get-oauth-access-token">Get API Access Token</a> page, the field may auto fill with `Basic <base64 encoded client_id:client_secret>`. Be sure to fully replace this with your `Bearer` When
making any requests.

The field should read `Bearer <your_bearer_token>`.