![Secure](/assets/secure.73f43c0b56cafdbca393d6edea8e6d3953645a6cb579333a3be2a3b356853425.9c1bb791.png)

# Authentication

The Fibre Cafe uses the industry standard OAuth 2.0 authorization protocol with Client Credentials flow for server-to-server
authentication. For more information about OAuth 2.0, see [oauth.net](https://oauth.net/2).

All requests to the Fibre Cafe must be authenticated and include a valid access token. This token must be retrieved from the token
endpoint by specifying your client credentials: client id and client secret.

The access tokens created are JWT (JSON Web Token) with a TTL expiry of 1 hour. Where possible, tokens should be re-used in request
flows and not created for each request.

IP whitelisting is also enabled for all calls to the CVT and production environments. All callers must provide the static public IP
address for any inbound traffic - this should be part of the onboarding process or via support once onboarded.

See [Authentication API](/openapi/auth-api/fibre-gateway-authentication) for more details.