> ## Documentation Index > Fetch the complete documentation index at: https://rollout.mintlify.app/llms.txt > Use this file to discover all available pages before exploring further. # Getting your API Key This guide explains how to: * Get your API key for Rollout’s universal API * Generate an auth token ## Step 1: Get a Client ID and Secret [Request access](/contact) to get a Rollout account and dashboard access. In your Rollout dashboard, you can view and copy your Client ID and Client Secret. ### Credential Storage Model * Your app stores your Rollout Client ID and Client Secret and uses them to mint short-lived JWTs. * Rollout stores and manages upstream OAuth tokens / API keys for connected systems (CRM/TMS/LOS/Email). * If needed, you can query connected credentials through the Rollout API (for example via `/api/credentials`) for inspection and operational workflows. Never include your Client Secret in your source code or send it to your front-end. If you believe your Secret has been compromised, please contact us immediately at [support@rollout.com](mailto:support@rollout.com). ## Step 2: Generate an Auth Token Once you have a Client ID and Client Secret, you can generate an `authToken`. The `authToken` is a JSON Web Token (JWT), which is a secure, short-lived token used to authenticate your app with the Rollout API and UI components. In the `authToken` you will also embed a unique ID to identify your user (this could be an agent’s user ID or a brokerage’s user ID or any other user entity). Here is how to generate your `authToken` ```javascript JavaScript theme={null} const jwt = require('jsonwebtoken'); /** * Generate a JWT token that expires in 15 minutes. * @param {string} userId - User identifier * @returns {string} JWT token */ function generateToken(userId) { const now = Math.floor(Date.now() / 1000); return jwt.sign( { iss: process.env.ROLLOUT_CLIENT_ID, sub: userId, iat: now, exp: now + 900, // 15 minutes }, process.env.ROLLOUT_CLIENT_SECRET, { algorithm: 'HS512' } ); } // Example usage: const token = generateToken('user123'); ``` ```python Python theme={null} import jwt import time import os def generate_token(user_id: str) -> str: """Generate a JWT token that expires in 15 minutes.""" return jwt.encode( { "iss": os.environ.get("ROLLOUT_CLIENT_ID"), "sub": user_id, "iat": int(time.time()), "exp": int(time.time()) + 900, # 15 minutes }, os.environ.get("ROLLOUT_CLIENT_SECRET"), algorithm="HS512", ) ``` ```ruby Ruby theme={null} require 'jwt' def generate_token(user_id) now = Time.now.to_i JWT.encode( { iss: ENV['ROLLOUT_CLIENT_ID'], sub: user_id, iat: now, exp: now + 900 # 15 minutes }, ENV['ROLLOUT_CLIENT_SECRET'], 'HS512' ) end ``` ```php PHP theme={null} getenv('ROLLOUT_CLIENT_ID'), 'sub' => $userId, 'iat' => $now, 'exp' => $now + 900, // 15 minutes ]; return JWT::encode($payload, getenv('ROLLOUT_CLIENT_SECRET'), 'HS512'); } ``` ```java Java theme={null} import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import java.time.Instant; import java.util.Date; public class TokenGenerator { public static String generateToken(String userId) { Instant now = Instant.now(); return Jwts.builder() .setIssuer(System.getenv("ROLLOUT_CLIENT_ID")) .setSubject(userId) .setIssuedAt(Date.from(now)) .setExpiration(Date.from(now.plusSeconds(900))) // 15 minutes .signWith(SignatureAlgorithm.HS512, System.getenv("ROLLOUT_CLIENT_SECRET")) .compact(); } } ``` ```csharp C# theme={null} using System; using System.IdentityModel.Tokens.Jwt; using Microsoft.IdentityModel.Tokens; using System.Text; public static string GenerateToken(string userId) { var now = DateTimeOffset.UtcNow; var secret = Environment.GetEnvironmentVariable("ROLLOUT_CLIENT_SECRET"); var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)); return new JwtSecurityTokenHandler().WriteToken( new JwtSecurityToken( issuer: Environment.GetEnvironmentVariable("ROLLOUT_CLIENT_ID"), claims: new[] { new System.Security.Claims.Claim("sub", userId) }, issuedAt: now.DateTime, expires: now.AddMinutes(15).DateTime, signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha512) ) ); } ``` ```go Go theme={null} package main import ( "os" "time" "github.com/golang-jwt/jwt/v5" ) func generateToken(userId string) (string, error) { now := time.Now() token := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{ "iss": os.Getenv("ROLLOUT_CLIENT_ID"), "sub": userId, "iat": now.Unix(), "exp": now.Add(15 * time.Minute).Unix(), }) return token.SignedString([]byte(os.Getenv("ROLLOUT_CLIENT_SECRET"))) } ``` Install libraries for your stack: * JavaScript: `npm install jsonwebtoken` * Python: `pip install pyjwt` * Ruby: `gem install jwt` * PHP: `composer require firebase/php-jwt` * Java (Maven): add `io.jsonwebtoken:jjwt:0.9.1` * C#: add `System.IdentityModel.Tokens.Jwt` * Go: `go get github.com/golang-jwt/jwt/v5` Remember to always generate your `authToken` on your server in order to keep your Client Secret secure. The best practice is to create a route in your web app or endpoint in your API to generate a Rollout token and then fetch that from your front end.