> Portal Navigation:
> 
> - Append `.md` to any URL under `https://dev.wix.com/docs/` to get its markdown version.
> - Pages are either content pages (article or reference text) or menu pages (a list of links to child pages).
> - To get a menu page, truncate any URL to a parent path and append `.md` (e.g. `https://dev.wix.com/docs/sdk.md`, `https://dev.wix.com/docs/sdk/core-modules.md`).
> - Top-level index of all portals: https://dev.wix.com/docs/llms.txt
> - Full concatenated docs: https://dev.wix.com/docs/llms-full.txt

## Resource: Make REST API Calls Using OAuth

## Article: Make API Calls with OAuth

## Article Link: https://dev.wix.com/docs/go-headless/develop-your-project/self-managed-headless/authentication/oauth/make-rest-api-calls-using-oauth.md

## Article Content:

# Make REST API Calls Using OAuth

> **Note:** This article is only relevant for [self-managed headless projects](https://dev.wix.com/docs/go-headless/develop-your-project/self-managed-headless/about-self-managed-headless.md). [Wix-managed headless projects](https://dev.wix.com/docs/go-headless/develop-your-project/wix-managed-headless/about-the-wix-cli-for-headless.md) handle this automatically.

After you set up [an OAuth app](https://dev.wix.com/docs/go-headless/develop-your-project/self-managed-headless/authentication/about-authentication.md) for your site or app in your project dashboard, you can begin coding by getting OAuth tokens and using them to make API calls.

## Step 1 | Generate tokens

There are several ways to generate tokens. Which way you choose depends on the type of user you need tokens for and whether you use a Wix login page or a custom login for members.

- **Visitors**: To generate tokens for visitors who aren't logged into your site or app, see [Handle Visitors](https://dev.wix.com/docs/go-headless/develop-your-project/self-managed-headless/authentication/visitors/handle-visitors-using-the-rest-api.md).
- **Members with a Wix login page**: To generate tokens for logged in members using a Wix login page, see [Handle Members with Managed Login](https://dev.wix.com/docs/go-headless/develop-your-project/self-managed-headless/authentication/members/wix-login-page/wix-managed-login-using-the-rest-api.md).
- **Members with a custom login page**: To generate tokens for logged in members using a custom login page, see [Handle Members with Custom Login](https://dev.wix.com/docs/go-headless/develop-your-project/self-managed-headless/authentication/members/custom-login-page/custom-login/custom-login-using-the-rest-api.md).

When you generate tokens with any of the above methods, you get two tokens:

- **Access token**: Access tokens are used to authorize API calls. Every time you make an API call, you need to authorize the call using a valid access token. Access tokens are short-lived. They are valid for 4 hours from the time they are created.
- **Refresh token**: Refresh tokens are used to get new access tokens after your access tokens have expired. Refresh tokens are long-lived.

## Step 2 | Make an API call

Once you have your tokens, you can use them to make API calls. Use the access token in the authorization header when making an API call.

```sh
curl POST \
'https://www.wixapis.com/stores/v1/products/query' \
-H 'Content-Type: application/json' \
-H 'Authorization: <ACCESS_TOKEN>' \
-d '{
        "includeVariants": true
    }'
```