# Getting Started

### Overview

The Circle Auth SDK provides a secure and efficient way to handle member authentication and token management in your server-side applications. The SDK exposes four main functions, allowing you to obtain, refresh, and revoke member access tokens securely.

This SDK was designed to be used on the server to avoid exposing your app token.

{% hint style="info" %}
Do not run or expose any of these authentication functions in your client-side codebase.
{% endhint %}

### Generate your API Token

Your `API Token` identifies your community within Circle's server and enables you to perform administrative tasks, such as handling community data or generating new content.

Follow [this guide](https://help.circle.so/p/sso-and-integrations/api/create-an-api-token-in-your-community) for instructions on how to generate your API Token.

> IMPORTANT: The API Token should be named `Headless` so Auth APIs can work correctly.

### Security Best Practices

* Keep your `API Token` secure by not exposing it to the client side. This SDK was designed to run on the server side to protect sensitive information.
* Securely store members’ `access_token` and `refresh_token` and use them for authenticated requests to our [Headless Member API](https://api-headless.circle.so/?urls.primaryName=Member%20APIs).
* Refresh access tokens regularly to reinforce the security of the authentication process.
* Revoke the `access_token` and `refresh_token` whenever a member logs out or when the tokens are no longer needed; this can prevent unauthorized access.

### Error Handling

Calls to the SDK functions will return a <mark style="color:green;">`Success`</mark> response with the desired data or an error response if something goes wrong. Ensure errors are handled appropriately by providing the user with meaningful error messages whenever necessary.


