> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wizcommerce.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API Token

> Create a new API token for the authenticated user

<Note>
  Please note that generated tokens will be expired after 1 year automatically. Once it is expired, please generate new token.
</Note>

## 🔐 Security Notice

**Important:** Keep your API token secure and never share it publicly.

* ✅ **Store securely**: Save the `access_token` in a secure location
* ✅ **Use in headers**: Include as `X-API-Key` header in all API requests
* ✅ **Don't commit**: Never commit tokens to version control
* ✅ **Rotate regularly**: Generate new tokens periodically for security

## 📋 Example Usage

```bash theme={null}
curl -X GET https://api.wizcommerce.com/v1/products \
  -H "X-API-Key: YOUR_ACCESS_TOKEN_HERE"
```

## ⚠️ Token Security

* **Never expose** your token in client-side code
* **Use environment variables** to store tokens
* **Regenerate** if you suspect it's been compromised


## OpenAPI

````yaml post /auth/token
openapi: 3.0.0
info:
  description: Open API's for WizCommerce API's
  title: WizCommerce Open API's
  termsOfService: https://wizcommerce.com/terms/
  contact:
    name: Tech Support
    url: https://help.wizcommerce.com/
    email: tech@wizcommerce.com
  license:
    name: MIT
    url: https://opensource.org/licenses/MIT
  version: '1.0'
servers:
  - url: https://api.wizcommerce.com
    description: Production BaseURL
  - url: https://api-staging.sourcerer.tech
    description: Staging BaseURL
security: []
paths:
  /auth/token:
    post:
      tags:
        - Authentication
      summary: Create API Token
      description: Create a new API token for the authenticated user
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/auth.LoginRequest'
        description: Login credentials
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/auth.LoginResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errors.HttpError'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errors.HttpError'
        '429':
          description: Too Many Requests
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errors.HttpError'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errors.HttpError'
components:
  schemas:
    auth.LoginRequest:
      type: object
      required:
        - email
        - password
      properties:
        email:
          type: string
          example: user@example.com
        password:
          type: string
          example: password123
    auth.LoginResponse:
      type: object
      properties:
        token_id:
          type: string
          x-order: '1'
          example: token_123
        token_type:
          type: string
          x-order: '2'
          example: Bearer
        expires_at:
          type: string
          x-order: '3'
          example: '2026-01-01T00:00:00Z'
        user:
          allOf:
            - $ref: '#/components/schemas/auth.UserInfo'
          x-order: '4'
        access_token:
          type: string
          x-order: '0'
          example: api_prod_abc123...
    errors.HttpError:
      type: object
      properties:
        code:
          type: string
          x-order: '1'
        message:
          type: string
          x-order: '2'
        details:
          type: array
          items:
            $ref: '#/components/schemas/errors.HttpErrorDetails'
          x-order: '3'
    auth.UserInfo:
      type: object
      properties:
        email:
          type: string
          x-order: '1'
          example: user@example.com
        first_name:
          type: string
          x-order: '2'
          example: John
        last_name:
          type: string
          x-order: '3'
          example: Doe
        tenant_id:
          type: string
          x-order: '4'
          example: tenant_456
        id:
          type: string
          x-order: '0'
          example: user_123
    errors.HttpErrorDetails:
      type: object
      properties:
        field:
          type: string
          x-order: '1'
        reason:
          type: string
          x-order: '2'

````