> For the complete documentation index, see [llms.txt](https://multiset.gitbook.io/multiset/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://multiset.gitbook.io/multiset/basics/rest-api-docs/authentication.md).

# Authentication

### M2M Auth

{% hint style="warning" %}
To whitelist your domain and avoid CORS issues, follow the steps in [Configuring Allowed Domains (CORS)](/multiset/basics/credentials/configuring-allowed-domains-cors.md)
{% endhint %}

{% hint style="info" %}
Expiry time of the token is 30 minutes from the time a fresh token is generated.
{% endhint %}

{% openapi src="/files/Bx6nb0NA6pS1eMimBWoz" path="/m2m/token" method="post" %}
[m2mauth.yaml](https://3163433004-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FokTDI7QVY04Zvb1pQ8Ry%2Fuploads%2FBMvPcN9sev4YAIryeJGH%2Fm2mauth.yaml?alt=media\&token=a1bda066-906c-49fe-881c-0f4f7dc0c1d0)
{% endopenapi %}

## Code Examples

### Browser (JavaScript)

For client-side applications like WebXR, you can generate tokens directly in the browser:

```javascript
async function generateToken(clientId, clientSecret) {
  const authorization = "Basic " + btoa(`${clientId}:${clientSecret}`);

  const response = await fetch("https://api.multiset.ai/v1/m2m/token", {
    method: "POST",
    headers: {
      Authorization: authorization,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      clientId,
      clientSecret,
    }),
  });

  const { token, expiresOn, error } = await response.json();

  if (error) {
    throw new Error(error);
  }

  return { token, expiresOn };
}

// Usage
const { token, expiresOn } = await generateToken('YOUR_CLIENT_ID', 'YOUR_CLIENT_SECRET');
```

{% hint style="warning" %}
Browser-based authentication exposes your credentials in client-side code. This is suitable for prototyping and demos, but for production applications consider using a backend proxy to keep credentials secure.
{% endhint %}

### Node.js (Backend)

For server-side applications:

```javascript
async function generateToken(clientId, clientSecret) {
  const authorization = "Basic " + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');

  const response = await fetch("https://api.multiset.ai/v1/m2m/token", {
    method: "POST",
    headers: {
      Authorization: authorization,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      clientId,
      clientSecret,
    }),
  });

  const { token, expiresOn, error } = await response.json();

  if (error) {
    throw new Error(error);
  }

  return { token, expiresOn };
}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://multiset.gitbook.io/multiset/basics/rest-api-docs/authentication.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
