# Authentication

Cornerstone APIs use the OAuth 2.0 authorization framework. Cornerstone currently supports only the OAuth 2.0 Client Credentials grant type. To retrieve an encrypted authentication token, pass your application's Client ID and Client Secret to the following URL: https://{environment}.csod.com/services/api/oauth2/token. Pass the received token in the request header of subsequent API calls. The token covers all endpoints that the application is allowed to access.

  • Note that the response of the OAuth 2.0 token endpoint contains an expires_in field. This field gives the validity period, in seconds, of the OAuth 2.0 access token issued by Cornerstone. You do not need to generate a new access token for every API call; you can reuse the same access token until it expires.
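
The token reuse described above, as an added example (not Cornerstone's own code): a thread-safe cache that requests a new token only when the previous one is about to expire. `fetch_token` is a hypothetical callable that sends the Client ID and Client Secret to the token URL and returns the parsed JSON response; the `access_token` field name and the `Bearer` header scheme are assumptions taken from RFC 6749 and RFC 6750, not from this page.

```python
import threading
import time


class TokenCache:
    """Reuses one access token until shortly before its expires_in elapses."""

    def __init__(self, fetch_token, skew_seconds=60, clock=time.monotonic):
        # fetch_token: hypothetical callable that POSTs the Client ID and
        # Client Secret to the token URL and returns the parsed JSON response.
        self._fetch = fetch_token
        self._skew = skew_seconds      # refresh this long before real expiry
        self._clock = clock            # monotonic: immune to wall-clock changes
        self._lock = threading.Lock()  # one refresh at a time across threads
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                self._refresh()
            return self._token

    def _refresh(self):
        requested_at = self._clock()   # count lifetime from before the request
        resp = self._fetch()
        token = resp.get("access_token")   # field name assumed from RFC 6749
        lifetime = resp.get("expires_in")  # seconds, as the page states
        if not isinstance(token, str) or not token:
            raise ValueError("token response has no access_token")
        if (isinstance(lifetime, bool)
                or not isinstance(lifetime, (int, float)) or lifetime <= 0):
            # Fail closed: never cache a token whose lifetime is unknown.
            self._token = None
            raise ValueError("token response has no usable expires_in")
        self._token = token
        self._expires_at = requested_at + max(lifetime - self._skew, 0)

    def invalidate(self):
        """Drop the cached token, e.g. after an API call returns 401."""
        with self._lock:
            self._token = None

    def auth_header(self):
        # Bearer scheme assumed (RFC 6750); the page only says "request header".
        return {"Authorization": "Bearer " + self.get()}
```

Keep the token in memory only and out of logs and error messages; it grants access to every endpoint the application is allowed to call until it expires.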