# Authentication

These steps are intended for LSports customers (users with the **Admin and DEFEND Manager** role, for technical users only) to obtain and use non-expiring credentials to access DEFEND services.

1. The admin user should invite the technical users and add for each of them the '**DEFEND manager'** role (with this role, they could generate the API Tokens for the DEFEND integration).
2. **To generate a non-expiring API token, here are the steps:**
   1. Log in to the ARENA360 platform.
   2. Click on your name icon in the top-right corner → **User Management**.
   3. Select **API Tokens** from the sidebar.
   4. Click **Generate Token**.
   5. Enter a **Description** (e.g., "DEFEND").
   6. Assign the DEFEND Admin role.
   7. Under **Expiration**, select **Never**.
   8. Click **Create** and **Copy** the **Client ID** and **Secret Key**.
      1. **THIS CRUCIAL CREDENTIAL WILL BE AVAILABLE ONLY ONCE!! COPY AND SAVE IT!**
3. **Exchange API Credentials for Access & Refresh Tokens**
   * **Endpoint**:

     `POST https://authentication.lsports.eu/identity/resources/auth/v1/api-token`
   * **Headers**:

     `Content-Type: application/json`
   * **Body**:

     `{ "clientId": "<Client ID>", "secret": "<Secret Key>" }`
   * **Response**:

     `{ "expires": "<Thu, 22 May 2025 11:49:22 GMT>", "expiresIn": 1800, "accessToken": "<JWT access token>", "refreshToken": "Refresh token>" }`
   * **Notes**:
     * accessToken `expiresIn` = 30 minutes.
     * `refreshToken` lives for 7 days.
4. **Refresh the Access Token**
   * **Endpoint**:

     `POST https://authentication.lsports.eu/identity/resources/auth/v2/api-token/token/refresh`
   * **Headers**:

     `Content-Type: application/json`
   * **Body**:

     `{ "refreshToken": "<Previous refreshToken>" }`
   * **Response**:

     `{ "expires": "<Thu, 22 May 2025 11:49:22 GMT>", "expiresIn": 1800, "accessToken": "<JWT access token>", "refreshToken": "Refresh token>" }`
5. **Use the Access Token**\
   For every API call to DEFEND backend services, include the latest `accessToken` in the `Authorization` header:

   `Authorization: Bearer <accessToken>`

Remember, the accessToken expires every 30 minutes.

{% embed url="<https://drive.google.com/file/d/1vMUTdaU4E5fmXUKTkdL1_EdA0zXOs7vQ/view?usp=sharing>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lsports.eu/u/defend/integration-guide/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.