> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.umnai.com/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.umnai.com/_mcp/server.

# User credentials

Use user credentials when your integration needs to act on behalf of a user.

For most backend services, scheduled workflows, and account-scoped automation, use [account credentials](./account-api-credentials) instead.

## What you need

You need permission to create user API credentials in the dashboard, or you need credentials issued by a user with the right access.

User credentials consist of a token and secret. Store them securely and do not expose them in client-side code, logs, notebooks, or shared configuration files.

## Create user credentials

Create user credentials in the dashboard.

Create user credentials

Copy the generated token and secret. You will exchange these values for an access token.

## Exchange credentials for an access token

Send the user credentials to the authentication endpoint with `grant_type: "user_token"`.

```bash
curl --request POST "$UMNAI_API_URL/oauth/token" \
  --header "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=user_token" \
  --data-urlencode "token=USER_TOKEN" \
  --data-urlencode "secret=USER_TOKEN_SECRET"
```

### Response (200)

```json
{
  "access_token": "eyJhbGaiOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCx6Ijg5YzlmMzdhIn0.eyJzdWIiOiI4ZjQxOWE2Zi1lNDUxLTRiYjItYmQ0Ny1kZGIxZjVmYjM1N2MiLCJuYW1lIjoiSm9zZXBoIE1hc2luaSIsImVtYWlsIjoiam9zZXBoLm1hc2luaUB1bW5haS5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibWV0YWRhdGEiOnsibGFzdFRlcm1zQ2hlY2siOiIyMDI1LTAyLTI4VDE3OjA3OjU2LjU3M1oifSwicm9sZXMiOlsiQWRtaW4iXSwicGVybWlzc2lvbnMiOlsiZmUuYWNjb3VudC1zZXR0aW5ncy5yZWFkLmFwcCIsImZlLmNvbm5lY3Rpdml0eS4qIiwiZmUuc2VjdXJlLioiLCJ1bW5haS5tb2RlbHMuZGVsZXRlLnBlcm1hbnRlbnRseURlbGV0ZSJdLCJ0ZW5hbnRJZCI6ImNmNWIwOTNlLTdmNjUtNDgwZS05ODEwLTdmZWI3ODY0OTIyMiIsInRlbmFudElkcyI6WyJjMDU1MmUzZC00ZWI0LTQyODktOTg2Yi1mMGVkMWU0YWM3OWMiLCJjZjViMDkzZS03ZjY1LTQ4MGUtOTgxMC03ZmViNzg2NDkyMjIiXSwicHJvZmlsZVBpY3R1cmVVcmwiOiJodHRwczovL3d3dy5ncmF2YXRhci5jb20vYXZhdGFyLzA3ZDQ1YmE5Nzk2MDExZGQ5ZmRiZDJiMzkyZmM5NDdkP2Q9aHR0cHM6Ly91aS1hdmF0YXJzLmNvbS9hcGkvSm9zZXBoK01hc2luaS8xMjgvcmFuZG9tIiwiZXh0ZXJuYWxJZCI6bnVsbCwicGhvbmVOdW1iZXIiOm51bGwsInNpZCI6ImJmZmZjZjNmLTE3ODkt4GRhNi1hN2JkLThkZTRkMGUwODYwYiIsInR5cGUiOiJ1c2VyVG9rZW4iLCJhcHBsaWNhdGlvbklkIjoiZmJhMzE3YjQtNmIyMS00NjZhLTlkMjktZDZjZTNlZWEzZWVhIiwiYXVkIjoiODljOWYzN2EtMmQyNC00ZmE2LWJlMTItYjkxOGM4ZmIzZDEzIiwiaXNzIjoiaHR0cHM6Ly9hcHAtaXIwZXhsajh0a3ZnLmZyb250ZWdnLmNvbSIsImlhdCI6MTc3NDU0MDA1MSwiZXhwIjoxNzc3MTMyMDUxfQ.WTbu-NBi9NSxn9y4tusGJIentDWkDWF2uwcGwp3Ms_2e7yxyqJLSjYXgLjj3oZUs-oVbTJaRmFDPK7B5x8eiyUoD7WxhkcOBTwzFMkcQMkVEVCxCO_zeI_xVPz1auxiKmfNEMcToYMpxkiX401b5Oq_59vESpZPvWhsrV-eLxnADsEV8B2hGEmemAcb_64JJIHipyDfpclpznMzirE6KEJ6AEMlE3BedKV2g0Zb_jsBsQNxY-ZH-EgcGYSc8ft8JlhQZCvva32YD8Z2eJV3BIycGsEs9vnMd1RXiEL3ZrJm7T9S_fzKkIQ5d2Qarg9PAdNBOIPYFsb2Y2klkvs-GsQ",
  "token_type": "Bearer",
  "expires_in": 2592000
}
```

The `user_token` grant type is a custom grant type. If you use a standard OAuth client library, you may need to configure this flow manually.

## Authorise API requests

Use the returned `access_token` as a bearer token on subsequent API requests.

```bash
Authorization: Bearer ACCESS_TOKEN
```

The response includes `expires_in`, which indicates how long the access token remains valid. When the token expires, exchange the user credentials for a new access token.