# Authorization

All global platform API require an authorization token to work. The authorization token, once obtained, contains all of the information required for subsequent calls to be completed.

An authorization token can be requested using the following call:

### Account wide Token Request

Using your account API Key, you can require an Authorization token using the following request:

```bash
curl --location --request POST 'https://<NODE>.xenioo.com/authorization/code' \
--header 'Content-Type: application/json' \
--data-raw '{
	"AccountAPIKey":"<Account API Key>"
}'
```

An authorization token grants access to all of the API methods for about 60 minutes. When the authorization token expires, a new authorization token must be requested by repeating the very same request.

### Bot Level Token Request

Some API endpoints, such as Xenioo Database API Interface will require a token related to a very specific chatbot. To create such token the authorization request must contain the bot API Token and Secret like in the example below:

```bash
curl --location --request POST 'https://<NODE>.xenioo.com/authorization/code' \
--header 'Content-Type: application/json' \
--data-raw '{
	"AccountAPIKey":"<Account API Key>",
	"BotAPIKey":"<Your bot API Key>",
	"BotAPISecret":"<Your bot API Secret>"
}'
```

### Response

If the request is successful, Xenioo will reply with an authorization token that may look like this:

```javascript
{
    "Token": "dmO/lbiq5FN+oyrAF3BLhdo[...]",
    "Expires": 60
}
```

The expire information indicates for how many minutes the token is valid.

### Response Codes

This endpoint will reply with the following standard HTTP codes.

| Code | Meaning                                                                                                                                |
| ---- | -------------------------------------------------------------------------------------------------------------------------------------- |
| 200  | Ok. The request has been successfully fulfilled.                                                                                       |
| 400  | Bad Request. The call does not contain the data required to be fulfilled.                                                              |
| 404  | Not Found. The specified account API key has not been found                                                                            |
| 403  | Unauthorized. The specified account API key is related to a free account or an account that cannot integrate with Global Platform API. |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs10.xenioo.com/xenioo-api/globa-platform-api/authorization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.