# Authentication

> How to authenticate with the Homele CRM API

The API uses **Bearer token** authentication via Laravel Sanctum.

## Generating a Token

1. Go to **Settings > API Integration** in the CRM dashboard
2. Enter a name for the token (e.g. "SAP Integration")
3. Select the permissions you want to grant
4. Optionally set an expiry date
5. Click **Generate**
6. Copy the token immediately — it won't be shown again

## Using the Token

Include the token in the `Authorization` header of every request:

```bash
curl -H "Authorization: Bearer 1|abc123def456..." \
     https://<your-domain>/api/v2/crm/customers
```

## Permissions

Each token is created with specific permissions that control what it can access:

| Permission      | Description                    |
| --------------- | ------------------------------ |
| `customer:read` | View customer list and details |

Requests made with a token that lacks the permission an endpoint requires receive a `403` response.

## Token Management

* Tokens can be revoked at any time from **Settings > API Integration**
* Each token shows its last used time and expiry date
* Revoked tokens are immediately invalidated

## Rate Limiting

All API requests are rate limited to **60 requests per minute** per user. When the limit is exceeded, you'll receive a `429` response with a `Retry-After` header.
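
The following client sketch is an added example, not code from Homele. It sends the Bearer token only over HTTPS, surfaces a `403` as a permission problem, and waits for the `Retry-After` interval on a `429`. The environment variable names, the 60-second fallback and the 120-second cap are assumptions, as is treating `Retry-After` as a number of seconds.

```python
import json
import time
import urllib.error
import urllib.request


class PermissionDenied(Exception):
    """The token was accepted but lacks the permission the endpoint requires."""


def retry_delay(headers, default=60.0, cap=120.0):
    """Seconds to wait after a 429, read from Retry-After when it is a whole number."""
    try:
        seconds = int(headers.get("Retry-After", ""))
    except (TypeError, ValueError):
        return default  # header missing or not a number of seconds (assumed fallback)
    return min(max(seconds, 0), cap)  # never sleep longer than the assumed cap


def api_get(url, token, opener=urllib.request.urlopen, sleep=time.sleep, attempts=3):
    """GET a JSON resource with a Bearer token, backing off when rate limited."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    request = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/json",
    })
    for attempt in range(1, attempts + 1):
        try:
            with opener(request, timeout=10) as response:
                return json.load(response)
        except urllib.error.HTTPError as err:
            if err.code == 429 and attempt < attempts:
                sleep(retry_delay(err.headers))  # honour the server's back-off hint
                continue
            if err.code == 403:
                # Retrying cannot help: the token needs a permission such as customer:read.
                raise PermissionDenied(f"token lacks permission for {url}") from err
            raise


if __name__ == "__main__":
    import os
    # HOMELE_BASE_URL and HOMELE_API_TOKEN are assumed names; keeping the token in the
    # environment avoids hard-coding it in source or shell history.
    base = os.environ["HOMELE_BASE_URL"]
    print(api_get(f"{base}/api/v2/crm/customers", os.environ["HOMELE_API_TOKEN"]))
```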
