> For the complete documentation index, see [llms.txt](https://docs.paveapi.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.paveapi.com/hotspots/developer-docs/authentication/generate-access-token.md).

# Generate Access Token

Create access token by using [**`HMAC-SHA256`**](https://en.wikipedia.org/wiki/HMAC)

An access token can be generated by combining the api\_key and timestamp string with the provided api\_secret.

| Attribute        | Description                                        |
| ---------------- | -------------------------------------------------- |
| **`api_key`**    | Get it from your PAVE Developer dashboard          |
| **`api_secret`** | Get it from your PAVE Developer dashboard          |
| **`timestamp`**  | UTC Datetime string, example: 2021-05-30T12:49:19Z |

### Examples in Different Languages:

{% tabs %}
{% tab title="PHP" %}

```php
$token = hash_hmac('sha256', '<username>:<api_key>@<timestamp>', '<api_secret');
// https://www.php.net/manual/en/function.hash-hmac.php
```

{% endtab %}

{% tab title="Javascript" %}

```javascript
const crypto = require('crypto');

const apiKey = 'your_api_key';
const apiSecret = 'your_api_secret';
const username = 'your_username';
const timestamp = Math.floor(Date.now() / 1000); // current Unix timestamp in seconds

const message = `${username}:${apiKey}@${timestamp}`;
const accessToken = crypto.createHmac('sha256', apiSecret).update(message).digest('hex');
```

{% endtab %}

{% tab title="Python" %}

```python
import hashlib
import hmac
import time

api_key = 'your_api_key'
api_secret = 'your_api_secret'
username = 'your_username'
timestamp = str(int(time.time())) # current Unix timestamp in seconds

message = f'{username}:{api_key}@{timestamp}'
access_token = hmac.new(api_secret.encode('utf-8'), msg=message.encode('utf-8'), digestmod=hashlib.sha256).hexdigest()
```

{% endtab %}

{% tab title="Golang" %}

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

func main() {
	apiKey := "your_api_key"
	apiSecret := "your_api_secret"
	username := "your_username"
	timestamp := time.Now().Unix()

	message := fmt.Sprintf("%s:%s@%d", username, apiKey, timestamp)
	hmac := hmac.New(sha256.New, []byte(apiSecret))
	hmac.Write([]byte(message))
	access_token := hex.EncodeToString(hmac.Sum(nil))

	fmt.Println(signature) // prints the HMAC-SHA256 signature
}
```

{% endtab %}

{% tab title="Swift" %}

```swift
import CommonCrypto
import Foundation

func hmacSha256(message: String, key: String) -> String {
    let messageData = message.data(using: .utf8)!
    let keyData = key.data(using: .utf8)!
    var hmacData = Data(count: Int(CC_SHA256_DIGEST_LENGTH))

    hmacData.withUnsafeMutableBytes { hmacPtr in
        CCHmac(CCHmacAlgorithm(kCCHmacAlgSHA256), (keyData as NSData).bytes, keyData.count, (messageData as NSData).bytes, messageData.count, hmacPtr)
    }

    return hmacData.map { String(format: "%02hhx", $0) }.joined()
}

let apiKey = "your_api_key"
let apiSecret = "your_api_secret"
let username = "your_username"
let timestamp = String(Int(Date().timeIntervalSince1970))

let message = "\(username):\(apiKey)@\(timestamp)"
let accessToken = hmacSha256(message: message, key: apiSecret)
```

{% endtab %}

{% tab title="Kotlin" %}

```kotlin
import java.nio.charset.StandardCharsets
import java.security.Key
import java.security.MessageDigest
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

fun main() {
    val apiKey = "your_api_key"
    val apiSecret = "your_api_secret"
    val username = "your_username"
    val timestamp = (System.currentTimeMillis() / 1000).toString()

    val message = "$username:$apiKey@$timestamp"
    val accessToken = hmacSha256(message, apiSecret)    
}

fun hmacSha256(message: String, key: String): String {
    val secretKey = SecretKeySpec(key.toByteArray(StandardCharsets.UTF_8), "HmacSHA256")
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(secretKey)
    val hmac = mac.doFinal(message.toByteArray(StandardCharsets.UTF_8))
    return bytesToHex(hmac)
}

fun bytesToHex(bytes: ByteArray): String {
    return bytes.joinToString("") { "%02x".format(it) }
}
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
To generate the correct token, please make sure the combination string you are using with the 1) api\_key, 2) timestamp and 3) api\_secret are arranged in this order.
{% endhint %}

{% hint style="info" %}
To generate the correct token, please ensure your timestamp is using UTC Datetime. And use the matching timestamp to the one included in your header when generating your token.
{% endhint %}

{% hint style="info" %}
Replace&#x20;

```php
<username>
```

&#x20;with the primary account name that your representative initially provided. Do not set this as one of the user names you created in your dashboard.
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.paveapi.com/hotspots/developer-docs/authentication/generate-access-token.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.