> ## Documentation Index
> Fetch the complete documentation index at: https://docs.omneo.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Omneo API using OAuth 2.0 or bearer tokens.

Before making calls to the Omneo API, you need an authentication token. Omneo supports OAuth 2.0 password credentials and pre-generated bearer tokens.

<Note>
  For all integration tokens, create a dedicated **Machine User** named after the system being integrated (e.g., `shopify-integration@brand.com`). All tokens for that system should be created under that account. You can safely update the Machine User's password in CX Manager without needing to regenerate tokens.
</Note>

## Method 1: OAuth 2.0

You need the following credentials (provided by your Omneo Administrator):

| Item          | Description                                 |
| ------------- | ------------------------------------------- |
| Username      | Your Omneo user email                       |
| Password      | Your Omneo user password                    |
| Client ID     | Your OAuth client ID                        |
| Client Secret | Your OAuth client secret                    |
| Scope         | `*` for all scopes, or specific scope names |

Request a token:

```javascript theme={null}
const response = await fetch(
  'https://api.[tenant-handle].getomneo.com/api/v3/auth/token',
  {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'client_credentials',
      client_id: '[client-id]',
      client_secret: '[client-secret]',
      username: '[username]',
      password: '[password]',
      scope: '*'
    })
  }
);
const { access_token } = await response.json();
```

## Method 2: Bearer token from CX Manager

Administrators can generate pre-configured bearer tokens in CX Manager:

1. Navigate to **Settings → API Tokens → Add Token**
2. Select the required scopes
3. Select **Add Token**: copy the token immediately (it cannot be viewed again)

Use the token in all API requests:

```shell theme={null}
curl -H 'Accept: application/json' \
     -H "Authorization: Bearer ${TOKEN}" \
     https://api.[tenant-handle].getomneo.com/api/v3/profiles
```

## Method 3: Shopify authentication

For Shopify storefront integrations, authenticate using the Shopify customer ID and an HMAC signature:

```liquid theme={null}
{% assign customerId = customer.id %}
{% assign customerSignature = customer.id | hmac_sha256: shop.metafields.omneo.id_secret %}
```

```javascript theme={null}
const response = await fetch(
  `https://api.${tenant}.getomneo.com/shopify/api/v1/auth/token`,
  {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      id: customerId,
      signature: customerSignature
    })
  }
);
const { token } = await response.json();
localStorage.setItem('shapes:omneo:shapestoken:' + customerId, token);
```

<Note>
  The `shapes:omneo:` prefix is a legacy naming artefact preserved for compatibility with the deployed Shopify plugin. The token itself is the current `IDToken` used by the [Omneo SDK](/dev-guides/frontend/omneo-id).
</Note>

## Method 4: Proxy authentication

For SFCC and other proxy-based integrations, direct authentication requests through the configured proxy:

```javascript theme={null}
const response = await fetch(`${PROXY_URL}/login`, {
  method: 'POST',
  headers: {
    'Authorization': 'Basic ' + btoa(username + ':' + password)
  }
});
const { token, expiry } = await response.json();
```

## Your Omneo API base URL

Your API base URL is unique to your tenant:

```
https://api.[your-tenant].getomneo.com/api/v3
```

Find your tenant name in the CX Manager URL: `https://[tenant].manager.getomneo.com`
