> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

Dynamic provides a robust API that allows developers to securely access their
dashboard environment's data and programmatically update settings relevant to
their Dynamic-powered application.

## Authentication

All APIs in this section require a bearer token used to authenticate requests
and make sure the caller is authorized to access the resources in the requests.

There are two different kinds of endpoints which require different kinds of bearer tokens:

### Non SDK endpoints

These are all endpoints designed to be call by an admin of the Dynamic environment.

#### Get an API token from Dashboard

1. Go to the your environment's dashboard
   [Developer Tab](https://app.dynamic.xyz/dashboard/developer/api)
2. In the "API Token" section, click on "Create Token"
3. Provide a name for the token. The best practice here would be to name the
   token after the system you intend to use this token with. A few examples:
   "Mycompany Admin", "Ben's personal token", or "background-job service".
4. Select the scoped actions and resources the API token can access. This will
   ensure that your API token only has the limited access it needs.
   See the [API Token Permissions](/overview/developer-dashboard/api-token-permissions) page.
5. **Make sure to copy the API token** before closing the modal. This is the
   last time you will have access to the plaintext API token! Dynamic DOES NOT
   have access to the plaintext API token anywhere. If you lose this API token,
   you will need to create a new one.
6. The token should start with the prefix `dyn_` followed by 56 alphanumeric
   characters.

#### Using the API token

Use the token generated through dashboard to programmatically access Dynamic's
API by adding it to the `Authentication` header of your HTTP request.

Example:

```bash curl theme={"system"}
curl \
--location 'https://app.dynamic.xyz/api/v0/environments/<<sandboxEnvironmentId>>' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ADD_YOUR_DYN_TOKEN_HERE'
```

### SDK endpoints

These are all endpoints designed to be called by the SDK itself, or by a user of the Dynamic environment who has a valid JWT.

#### Fetching a JWT from the SDK

Use the [getAuthToken](/react/reference/utilities/getauthtoken) utility function to fetch a JWT from the SDK.

Example:

```tsx React theme={"system"}
const authToken = getAuthToken();
```

#### Using the API token

Use the token generated through dashboard to programmatically access Dynamic's
API by adding it to the `Authentication` header of your HTTP request.

Example:

```bash curl theme={"system"}
curl \
--location 'https://app.dynamic.xyz/api/v0/environments/<<sandboxEnvironmentId>>' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ADD_YOUR_JWT_HERE'
```

## Standard errors

* `400` - Bad Request. The form of the request is invalid. Please check that
  the path parameters, query parameters, or the request's body contains the
  correct and expected information defined in our docs.
* `401`- Unauthorized. The endpoint that is being accessed requires an
  `Authorization` header.
* `403` - Forbidden. The token authorized for the HTTP call does not have
  access to the resource defined by the endpoint (eg. the specific environment,
  allowlist, user, etc.)
* `404` - Not found. The path of the requested resource could not be found.
  Please check that the URL path is correct or that the ID provided is correct.

## Rate Limits

Dynamic's API endpoints are subject to rate limits. Refer to [Rate Limits](/overview/rate-limits) for more information.
