> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rails.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# API Authorization

> Understanding API authorization

## Prerequisites

We use a token-based authorization system. Before requesting access tokens, make sure your API credentials are set up by following the [API Keys](/latest/api-keys) guide.

## Access Token

The platform issues short-lived access tokens used by both REST and WebSocket APIs where required.
To obtain an access token, call the [Get Access Token](/latest/get-access-token) endpoint with your API credentials.
The token endpoint is rate limited to **20 requests per minute per API key**, so cache and reuse tokens rather than requesting a new one for every call.

## Token Management

Access tokens expire every 30 minutes (`expires_in` = 1800 seconds). To minimize unnecessary requests and avoid rate limits:

* Cache and reuse tokens until expiry
* Refresh proactively a few minutes before expiration

## Errors & Troubleshooting

* Unauthorized (`401`): Verify `X-Api-Key`/`X-Api-Secret` and token validity.
* Expired token: Refresh using the token endpoint before `expires_in`.
* Excessive requests: Respect rate limits; cache tokens and refresh sparingly.
