> ## Documentation Index > Fetch the complete documentation index at: https://www.cashfree.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Create Auth Token to Initialise the SDK > Use this API to generate an authentication token required to initialise the Cashfree SDK by passing your `app_id`, and product name (such as Video KYC) in the request body. ## OpenAPI ````yaml post /oauth/token openapi: 3.0.0 info: license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html contact: email: developers@cashfree.com name: API Support url: https://discord.com/invite/QdZkNSxXsB title: Cashfree Verification API's. version: '2023-12-18' description: >- Cashfree's Verification APIs provide different types of verification to our merchants. servers: - description: Sandbox Server url: https://sandbox.cashfree.com/verification - description: Production Server url: https://api.cashfree.com/verification security: [] tags: - name: Aadhaar description: Operations related to Aadhaar verification. - name: BAV V2 description: Operations related to Bank account verification v2. - name: PAN description: Operations related to PAN verification. - name: Digilocker description: Operations related to Digilocker verification. - name: E-sign description: Operations related to E-sign verification. - name: Reverse Penny Drop description: Operations related to Reverse Penny Drop verification. - name: UPI Penny Drop description: Operations related to UPI Penny Drop verification. - name: Mobile Penny Drop description: Operations related to Mobile Penny Drop verification. - name: IP description: Operation related to IP verification. - name: UPI description: Operations related to UPI verification. - name: Passport description: Operation related to Passport verification. - name: CIN description: Operation related to CIN verification. - name: Name Match description: Operation related to Name Match verification. - name: PAN to GSTIN description: Operation related to PAN to GSTIN. - name: Face Match description: Operation related to Face Match verification. - name: Voter ID description: Operation related to Voter ID verification. - name: Reverse Geocoding description: Operation related to Reverse Geocoding. - name: Vehicle RC description: Operation related to Vehicle RC verification. - name: Driving License description: Operation related to Driving License verification. - name: GSTIN description: Operation related to GSTIN verification. - name: Account Aggregator description: Operations related to Account aggregator. - name: OTPLess description: Operations related to OTPLess Verification. - name: 1-Click description: Operations related to 1-Click. - name: Smart OCR description: Operations related to Smart OCR. - name: Geocoding description: Operations related to Geocoding. - name: Udyam description: Operation related to Udyam verification. - name: PAN to Udyam description: Operation related to PAN to Udyam. paths: /oauth/token: post: tags: - Auth summary: Create Auth Token to Initialise the SDK description: >- Use this API to generate an authentication token required to initialise the Cashfree SDK by passing your `app_id`, and product name (such as Video KYC) in the request body. operationId: vrs-generate-auth-token parameters: - $ref: '#/components/parameters/x_cf_signature' - $ref: '#/components/parameters/global_x_api_version' requestBody: $ref: '#/components/requestBodies/CreateAuthRequest' responses: '200': $ref: '#/components/responses/AuthResponse' '400': $ref: '#/components/responses/Response400VkycRequest' '401': $ref: '#/components/responses/Response401' '403': $ref: '#/components/responses/Response403' '404': $ref: '#/components/responses/ResponseVKYCRequest404' '429': $ref: '#/components/responses/Response429' '500': $ref: '#/components/responses/Response500V2' security: - XClientID: [] XClientSecret: [] components: parameters: x_cf_signature: description: >- Send the signature if two-factor authentication is selected as Public Key. [More details](https://www.cashfree.com/docs/api-reference/vrs/getting-started#2fa-api-signature-generation). name: x-cf-signature in: header required: false schema: type: string example: '' global_x_api_version: description: API version to be used. Format is in YYYY-MM-DD. name: x-api-version in: header required: true schema: type: string default: '2024-12-01' example: '2024-12-01' example: '2024-12-01' requestBodies: CreateAuthRequest: description: Request payload for create auth token to initialise the SDK. required: true content: application/json: schema: $ref: '#/components/schemas/CreateAuthRequestSchema' responses: AuthResponse: description: >- Success response for generating an authentication token required to initialize the SDK. content: application/json: schema: $ref: '#/components/schemas/AuthResponseSchema' examples: Success: value: access_token: >- eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c expires_at: 2024-02-02 17:30:00 IST Response400VkycRequest: description: BadRequest. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseSchema' examples: VKYC Request Invalid: value: type: validation_error code: vkyc_request_id_value_invalid message: Please enter a valid vkyc_request_id Phone Invalid: value: type: validation_error code: phone_value_invalid message: Please enter a valid phone Email Invalid: value: type: validation_error code: email_value_invalid message: Please enter a valid email Response401: description: Invalid client ID and client secret combination. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseSchema' examples: Invalid client ID and client secret combination: value: type: authentication_error code: authentication_failed message: Invalid clientId and clientSecret combination Response403: description: Authentication error (IP not whitelisted). content: application/json: schema: $ref: '#/components/schemas/ErrorResponseSchema' examples: IP not whitelisted: value: type: authentication_error code: ip_validation_failed message: >- IP not whitelisted your current ip is 106.51.91.104.For IP whitelisting assistance, visit our guide at https://www.cashfree.com/docs/secure-id/get-started/integration/ip-whitelisting-verification x-cf-signature header missing: value: type: validation_error code: authentication_failed message: x-cf-signature missing in the request header ResponseVKYCRequest404: description: vkyc request not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseSchema' examples: VKYC Reference Id not found: value: type: validation_error code: reference_id_not_found message: reference_id does not exist. VKYC Verification Id not found: value: type: validation_error code: verification_id_not_found message: verification_id does not exist. Response429: description: Rate limit exceed error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseSchema' examples: Rate limit error per operation: value: type: rate_limit_error code: too_many_requests_per_operation message: Too many requests for this operation, rate limit reached Rate limit error per IP: value: type: rate_limit_error code: too_many_requests_per_ip message: Too many requests from the IP, rate limit reached Response500V2: description: Internal error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseSchema' examples: Internal Server Error: value: type: internal_error code: verification_failed message: something went wrong schemas: CreateAuthRequestSchema: type: object required: - metadata - app_id - authenticated_user - product properties: app_id: description: >- It is the unique identifier for the OAuth application. This is used to authenticate and authorize the application making the request. **Note**: Please contact your Account Manager to create an `app_id` for the VKYC product. In the future, this will be self-serve via the Merchant Dashboard. type: string example: app_id_for_vkyc product: description: >- The product for which the authentication token is generated. In this case, it should be "VKYC". type: string example: VKYC metadata: type: object required: - vkyc_request_id description: The metadata associated with the authentication token. properties: vkyc_request_id: description: >- It is the unique identifier for the VKYC request, used for associating the access token with a specific verification session. type: string example: 249749 authenticated_user: description: The identifier of the authenticated user. type: object required: - identifier_type - identifier_value properties: identifier_type: description: It defines the type of identifier used to identify the user. type: string example: userId identifier_value: description: It is the value of the identifier used to identify the user. type: string example: 123456 AuthResponseSchema: type: object example: value: access_token: >- eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c expires_at: 2024-02-02 17:30:00 IST properties: expiry: type: string description: >- The timestamp (in IST) when the token will expire. A new token must be generated after this time. example: '2025-05-05T18:01:05+05:30' access_token: type: string description: The generated access token to be used for subsequent VKYC API calls. example: mH5tVmtwod4J9GhCXwTuygd2zRZn4pj5 ErrorResponseSchema: type: object properties: code: type: string example: x-client-id_missing error: type: object example: ref_id: 102 message: type: string example: x-client-id is missing in the request. description: It displays the outcome of the error. type: type: string example: validation_error description: It displays the type of error. securitySchemes: XClientID: type: apiKey in: header name: x-client-id description: >- Your unique client identifier issued by Cashfree. You can find this in your [Merchant Dashboard](https://merchant.cashfree.com/verificationsuite/developers/api-keys). XClientSecret: type: apiKey in: header name: x-client-secret description: >- The secret key associated with your client ID. Use this to authenticate your API requests. You can find this in your [Merchant Dashboard](https://merchant.cashfree.com/verificationsuite/developers/api-keys). ````