> ## Documentation Index
> Fetch the complete documentation index at: https://docs.paxos.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure API Credentials

> API credentials using Client ID and Secret. Set allowed scopes to access specific API endpoints.

Most API endpoints require authentication with a **Client ID** and **Secret**. Each **Client ID** has a specific set of allowed scopes (**Permissions**) to access API endpoints. Scopes allowed on an API client may be updated at any time in the Dashboard **Admin > API Management** section.

<Tip>
  Contact your [Entity Manager](guides/dashboard/roles#entity-manager) if you need permissions to manage API credentials.
</Tip>

When setting scopes, Paxos recommends following the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) and only allow scopes required by a specific application. Scopes for each endpoint are listed in the **Authorizations** section in the [API Reference docs](/api-reference/introduction). The [Market Data](/api-reference/endpoints/market-data) and most [Pricing](/api-reference/endpoints/pricing) endpoints do not require authorization.

1. Go to **Admin > API Management** to add new credentials.

<Tip>
  The Developer Sandbox is completely segregated from production, so credential configuration must take place in both environments.

  * **Developer Sandbox**: [https://dashboard.sandbox.paxos.com/admin/api](https://dashboard.sandbox.paxos.com/admin/api)
  * **Production**: [https://dashboard.paxos.com/admin/api](https://dashboard.paxos.com/admin/api)
</Tip>

1. Create a **Label** for your API credentials and select the **Scopes** for your **Client ID**. For example, the following scopes (space delimited) should be adequate to [mint](/guides/developer/orchestrations/mint), [redeem](/guides/developer/orchestrations/redeem) and [convert](/guides/developer/orchestrations/convert) Paxos-issued stablecoins:<br /><br />
   ```shell theme={null}
   orchestration:read_orchestration
   orchestration:write_orchestration
   orchestration:read_orchestration_rule
   orchestration:write_orchestration_rule
   funding:read_profile
   funding:write_profile
   transfer:read_deposit_address
   transfer:read_transfer
   transfer:read_fiat_account
   transfer:read_fiat_deposit_instructions
   transfer:write_internal_transfer
   transfer:write_crypto_withdrawal
   transfer:write_deposit_address
   transfer:write_fiat_account
   transfer:write_fiat_deposit_instructions
   transfer:write_fiat_withdrawal
   ```
2. Save the credentials.
3. Copy the **Client ID** and **Client Secret** and store them in a safe place. The secret will not be displayed in the UI again and will have to be reset if forgotten.

Once you have the **Client ID** and **Client Secret**, you can [authenticate in Sandbox](/guides/developer/authenticate).