> ## Documentation Index
> Fetch the complete documentation index at: https://docs.go.gbgplc.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Manage API clients
> Create and manage API clients for your organisation
The **Clients** tab in the **Account management** portal lets you create and manage API clients for your organisation. API clients use the `client_credentials` grant type, which allows you to attach roles directly to an API client without requiring a user account.
Only users with the customer administrator role can perform these tasks.
## Create an API client
To create an API client, follow these steps:
1. In GBG GO, click **Account management**.
The Account management portal opens in a new tab.
2. Log in to the **Account management** portal with your GBG GO credentials.
3. Click **Clients**.
4. Click **Add**.
5. In the **Name** field, enter a name for your API client. For example, "GO API Client."
6. Select a department in the Department list.
7. Click **Add**.
The **Client added** screen displays your client ID and client secret.
Copy your client secret now and store it somewhere safe. This is the only time you can access the secret. If you need it again, then you must generate a new secret.
## Assign a role to an API client
You must assign a role to an API client before it can authenticate API requests.
1. Click **Back** to return to the Clients tab. You'll see the API client you just created in the list of clients.
2. Click the API client you just created.
3. Click the **Roles** tab.
4. Click **Add**.
5. Navigate to the **Roles** tab.
6. Click **Add**.
7. Assign the Go API Access role to the client.
8. Click **Add role**. A success alert message is displayed at the top of the page.
## Regenerate a client secret
If you lose your client secret, you can regenerate it. However, this invalidates the previous secret, and any applications using the old secret will no longer be able to authenticate API requests.
To regenerate a client secret, follow these steps:
1. In the **Clients** tab, click the three dots on the right side of the API client you want to regenerate the secret for.
2. Click **Regenerate Secret**.
3. Click **Regenerate Secret** in the confirmation dialog.
The new client secret is displayed in a success alert message at the top of the page. Copy the new client secret and store it somewhere safe.
If you regularly rotate your client secret, set up two API clients and alternate between them. This separates the credential change in your production system from regenerating an individual secret, so you can rotate secrets without downtime.
## Request an access token
Once you have created an API client and assigned a role, you can request an access token.
Send a `POST` request to the `/as/token.oauth2` endpoint with the following parameters:
| Parameter | Value | Description |
| --------------- | -------------------- | --------------------------------------------------------------- |
| `grant_type` | `client_credentials` | The authentication method. Must be set to `client_credentials`. |
| `client_id` | Your client ID | The client ID generated when you created the API client. |
| `client_secret` | Your client secret | The client secret generated when you created the API client. |
| `scope` | `gbg.token` | The scope required to authenticate with GBG GO. |
Example request:
```bash cURL theme={null}
curl --request POST \
--url https://api.auth.gbgplc.com/as/token.oauth2 \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials' \
--data 'client_id=your-client-id' \
--data 'client_secret=your-client-secret' \
--data 'scope=gbg.token'
```
For details on the response schema, refer to the [Generate access token](/docs/go-v2/api-reference/endpoint/generate-access-token) endpoint reference.