# Authentication

All the open APIs use a single authentication scheme: a Bearer JWT passed in the HTTP request header.

To obtain access to the [open APIs](https://docs.nftrainbow.xyz/api-reference/open-api), users have to do the following:

1. Call [login](https://docs.nftrainbow.xyz/api-reference/open-api/login#login) with `app_id` and `app_secret` to get the JWT.
2. Add the `Authorization: Bearer {JWT}` header to the request when calling the corresponding API. See the [sample](https://docs.nftrainbow.xyz/api-reference/open-api/login#request-sample) for an example.

{% hint style="info" %}
**Note:** `app_id` and `app_secret` are obtained from Rainbow Console.
{% endhint %}

The Bearer JWT is valid for one hour for calling the [open APIs](https://docs.nftrainbow.xyz/api-reference/open-api). Once that hour has passed, users have to call [Refresh JWT](https://docs.nftrainbow.xyz/api-reference/open-api/login#refresh_token) to obtain a new JWT. See the [sample](https://docs.nftrainbow.xyz/api-reference/open-api/login#request-sample-1) for an example.

{% hint style="info" %}
**Note:** The Bearer JWT is valid for five hours for calling [Refresh JWT](https://docs.nftrainbow.xyz/api-reference/open-api/login#refresh_token). Once those five hours have passed, users have to call [login](https://docs.nftrainbow.xyz/api-reference/open-api/login#login) again.
{% endhint %}
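
The one-hour and five-hour windows above can be tracked on the client so that `app_secret` is only sent when a fresh login is really needed. The following is an added example, not code from NFTRainbow: `login` and `refresh` are hypothetical callables wrapping the login and Refresh JWT endpoints, `RefreshRejected` and the `SKEW` margin are assumptions, and token age is measured from local receipt on the assumption that a refreshed JWT starts new windows.

```python
import time
from typing import Callable, Dict, Optional

API_TTL = 60 * 60          # page: JWT is valid for one hour for open API calls
REFRESH_TTL = 5 * 60 * 60  # page: JWT is valid for five hours for Refresh JWT
SKEW = 30                  # assumption: safety margin (seconds) for clock drift

class RefreshRejected(Exception):
    """Hypothetical error raised by the refresh callable when the server refuses."""

class TokenManager:
    """Holds one JWT and picks use / refresh / login from its age."""

    def __init__(self, login: Callable[[], str], refresh: Callable[[str], str],
                 clock: Callable[[], float] = time.time):
        # login() sends app_id/app_secret and returns a JWT (hypothetical wrapper).
        # refresh(jwt) exchanges a still-refreshable JWT for a new one (hypothetical).
        self._login, self._refresh, self._clock = login, refresh, clock
        self._token: Optional[str] = None
        self._issued_at = 0.0

    def action(self) -> str:
        """Return 'use', 'refresh' or 'login' for the current moment."""
        if self._token is None:
            return "login"
        age = self._clock() - self._issued_at
        if age < API_TTL - SKEW:
            return "use"
        if age < REFRESH_TTL - SKEW:
            return "refresh"
        return "login"

    def token(self) -> str:
        step = self.action()
        if step == "refresh":
            try:
                self._store(self._refresh(self._token))
            except RefreshRejected:
                self._store(self._login())  # refresh refused: log in again
        elif step == "login":
            self._store(self._login())
        return self._token

    def _store(self, jwt: str) -> None:
        # Keep the token in memory only; never write it to logs.
        self._token, self._issued_at = jwt, self._clock()

    def auth_header(self) -> Dict[str, str]:
        return {"Authorization": f"Bearer {self.token()}"}
```
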

To debug error codes related to authentication, see [Error codes](https://docs.nftrainbow.xyz/about-the-apis/error-codes).
