> ## Documentation Index
> Fetch the complete documentation index at: https://docs.daysync.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Apply for API Access

> How to request Daysync integration credentials and what you'll receive.

Daysync issues integration credentials through the [Integrations Portal](https://integrations.daysync.com). You submit an application, Daysync reviews it, and on approval your app is provisioned with credentials.

## What you'll receive

On approval, two credentials unique to your app:

<CardGroup cols={2}>
  <Card title="x-api-key" icon="hashtag">
    Identifies your partner application at the API gateway, and serves as your OAuth **client ID**. Looks like `dk_live_…`
  </Card>

  <Card title="x-api-secret" icon="lock">
    Authenticates your application — on every API call and as your OAuth **client secret**. **Treat as a password.** Looks like `ds_…`
  </Card>
</CardGroup>

<Note>
  There is **no separate OAuth client**. Your `x-api-key` / `x-api-secret` *are* your OAuth client ID and secret (used with HTTP Basic auth at the token endpoint). See [Authentication](/authentication).
</Note>

## How to apply

<Steps>
  <Step title="Open the Integrations Portal">
    Go to the [Integrations Portal](https://integrations.daysync.com) and sign in with your Daysync account (sign up at [app.daysync.com](https://app.daysync.com) if you don't have one), then start a new application.
  </Step>

  <Step title="Fill out the application">
    You'll provide:

    * **Company name**
    * **Website**
    * **Application name** (shown to users on the consent screen)
    * **Contact email** for the developer who will integrate
    * **Use case** — what you're building and why
    * **Scopes** you need from the [Scopes & Permissions](/scopes) list
    * **Redirect URIs** — your OAuth callback URL(s); see [Callback URLs](/callback-urls)
  </Step>

  <Step title="Daysync reviews">
    Your application goes to a review queue. Once approved, your app is provisioned and your **`x-api-key`** and **`x-api-secret`** are shown **once** — store them immediately in your secret manager. They're stored only as a bcrypt hash and can't be recovered, only rotated.
  </Step>

  <Step title="Run the quickstart">
    Follow the [Quickstart](/quickstart) to make your first authenticated API call within \~15 minutes of approval.
  </Step>
</Steps>

## Changing things after approval

Most changes are self-service on your app page in the portal:

* **Redirect URIs** — add or remove callback URLs yourself; changes take effect immediately (see [Callback URLs](/callback-urls)).
* **Additional scopes** — request more scopes from your app page; the request goes to a Daysync reviewer.
* **Rotating your `x-api-secret`** — rotate from your app page (suspected compromise, employee departure, scheduled hygiene). Rotation supports an overlap window so you can roll the secret without downtime.

<Note>
  Scope expansion doesn't invalidate existing tokens, but your users may need to re-consent to the new scopes before their tokens carry them.
</Note>

## Notes

<AccordionGroup>
  <Accordion title="Do I get a separate OAuth client ID/secret?">
    No. Your `x-api-key` / `x-api-secret` are your OAuth client credentials — there's no shared client and no separate Cognito registration. See [Authentication](/authentication).
  </Accordion>

  <Accordion title="Sandbox environment access">
    Daysync currently operates a single production environment. Use `is_demo: true` on tours you create for testing — see [Environments](/environments).
  </Accordion>

  <Accordion title="A test Daysync user account">
    You'll need a real Daysync user to test the OAuth flow. Sign up at [app.daysync.com](https://app.daysync.com) or use an existing test account on your team.
  </Accordion>
</AccordionGroup>

Questions the portal doesn't answer? Email `support@daysync.com`.
