# Authentication endpoint

Authenticates a user using their credentials and returns an access token along with a refresh token.

This endpoint is typically used as the first step in the authentication flow. It verifies the user's credentials (e.g., username and password) and, if valid, issues tokens that can be used to access protected resources.

The returned access token should be included in the  header of subsequent API requests using the Bearer scheme.


- The access token is typically short-lived and used to authorize API requests.
- The refresh token is long-lived and can be used to obtain a new access token without re-authenticating.


- Credentials should be transmitted over HTTPS to ensure security.
- Refresh tokens must be securely stored and never exposed to third parties.
- Multiple failed login attempts may result in temporary blocking or rate limiting.


Endpoint: POST /integrator/authenticate
Version: 1.0.3

## Request fields (application/json):

  - `clientId` (string)
    Example: "integra"

  - `username` (string)
    Example: "api@coredobrasil.com.br"

  - `password` (string)
    Example: "core"

  - `grantType` (string)
    Example: "password"

## Response 200 fields (application/json):

  - `token` (string)

  - `refresh_token` (string)

  - `expiresIn` (integer)