> ## Documentation Index
> Fetch the complete documentation index at: https://docs.layerfi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Initial Setup

> Get started making calls to the Layer API

## Prerequisites

Before getting started with Layer's API, you will need:

* A Layer account. Reach out to your Layer contact or [contact our team](https://www.layerfi.com/contact).
* Client credentials (`client_id` and `client_secret`) provided by Layer.

## Environments

Layer provides two environments for development and production use:

| Environment    | Base URL                      | OAuth Scope                           |
| -------------- | ----------------------------- | ------------------------------------- |
| **Sandbox**    | `https://sandbox.layerfi.com` | `https://sandbox.layerfi.com/sandbox` |
| **Production** | `https://api.layerfi.com`     | `https://api.layerfi.com/production`  |

Use sandbox for development and testing. All examples in this guide use the sandbox environment.

<Steps>
  <Step title="Obtain your client credentials">
    Layer uses OAuth2's client credentials flow to authenticate API clients. To start your development, we will give you a set of `client_id` and `client_secret` tokens.

    <Info>
      To obtain a set of client credentials, reach out to your Layer contact or contact our team [here](https://layerfi.com/contact).
    </Info>
  </Step>

  <Step title="Get a bearer token">
    Calls to the Layer API require a bearer access token. To receive an access token and make calls to other API endpoints, provide your `client_id` and `client_secret` in the body of a POST request to Layer's authorization server.

    <CodeGroup>
      ```bash cURL theme={null}
      curl -X POST https://auth.layerfi.com/oauth2/token  \
        -u <client_id>:<client_secret>  \
        -H "Content-Type: application/x-www-form-urlencoded" \
        --data-urlencode "grant_type=client_credentials" \
        --data-urlencode "scope=https://sandbox.layerfi.com/sandbox" \
        --data-urlencode "client_id=<client_id>"
      ```

      ```python Python theme={null}
      import requests
      from requests.auth import HTTPBasicAuth

      response = requests.post(
          "https://auth.layerfi.com/oauth2/token",
          auth=HTTPBasicAuth("<client_id>", "<client_secret>"),
          headers={"Content-Type": "application/x-www-form-urlencoded"},
          data={
              "grant_type": "client_credentials",
              "scope": "https://sandbox.layerfi.com/sandbox",
              "client_id": "<client_id>"
          }
      )

      token_data = response.json()
      access_token = token_data["access_token"]
      ```

      ```javascript Node.js theme={null}
      const axios = require('axios');

      const getAccessToken = async () => {
        const response = await axios.post(
          'https://auth.layerfi.com/oauth2/token',
          new URLSearchParams({
            grant_type: 'client_credentials',
            scope: 'https://sandbox.layerfi.com/sandbox',
            client_id: '<client_id>'
          }),
          {
            auth: {
              username: '<client_id>',
              password: '<client_secret>'
            },
            headers: {
              'Content-Type': 'application/x-www-form-urlencoded'
            }
          }
        );

        return response.data.access_token;
      };
      ```
    </CodeGroup>

    The authorization server will respond with your granted access token:

    ```json theme={null}
    {
      "access_token": "<access_token>",
      "expires_in": 3600,
      "token_type": "Bearer"
    }
    ```

    Extract the `access_token` value from the response. You'll use this in the `Authorization` header for all API requests.
  </Step>

  <Step title="Make a test API call">
    Use the access token to make a request to the API by including it as a Bearer token in the authorization header.

    <CodeGroup>
      ```bash cURL theme={null}
      curl https://sandbox.layerfi.com/whoami \
        -H "Authorization: Bearer <access_token>" 
      ```

      ```python Python theme={null}
      import requests

      response = requests.get(
          "https://sandbox.layerfi.com/whoami",
          headers={"Authorization": f"Bearer {access_token}"}
      )

      print(response.json())
      ```

      ```javascript Node.js theme={null}
      const axios = require('axios');

      const response = await axios.get(
        'https://sandbox.layerfi.com/whoami',
        {
          headers: {
            'Authorization': `Bearer ${accessToken}`
          }
        }
      );

      console.log(response.data);
      ```
    </CodeGroup>

    The API will respond with your client name and client id:

    ```json theme={null}
    {
      "data":{
        "type":"whoami",
        "clientName":"Layer Example",
        "clientId":"018f1657-dc66-7482-917b-c0c0e532f52b"
      }
    }
    ```

    <Info>
      Access tokens expire after 1 hour. To refresh your access token, make another call to Layer's authorization endpoint with your `client_id` and `client_secret`. We recommend refreshing tokens for new sets of requests rather than persisting access tokens.
    </Info>
  </Step>
</Steps>

## Next Steps

Now that you're authenticated, you can:

* [Onboard a business](/guides/business-onboarding) - Create your first business in Layer
* [Import financial data](/guides/importing-data-overview) - Start passing transaction data
* [Explore the API reference](/api-reference/business/business) - Learn about available endpoints
* [Set up embedded components](/guides/embedded-components) - Add Layer's pre-built UI components to your platform