# Authenticity Token Creation
import ResponseCodes from './codigos-de-resposta.md';
import ApiDoc from '../../../../../src/components/api-doc/ApiDoc';
The authenticity token generation service is mandatory in some generic operations flows. As a result of this service, the merchant will obtain a token by the authenticity URL that will be needed for the next steps in the flow.
## Detalhes da chamada
- Resource: `/v1/token`
- HTTP method: `GET`
- Request format: `JSON`
- Response format: `JSON`
- Header parameters:
[block:parameters]
{
"data": {
"h-0": "Parameter",
"h-1": "Description",
"h-2": "Type (Size)",
"h-3": "Mandatory",
"0-0": "`merchant_id`",
"0-1": "Store code on Carat Portal. The production and certification codes will be different.",
"0-2": "AN (\\<15)",
"0-3": "Yes",
"1-0": "`merchant_key`",
"1-1": "Store authentication key on Carat Portal. The production and certification keys will be different.",
"1-2": "AN (\\<80)",
"1-3": "Yes"
},
"cols": 4,
"rows": 2,
"align": [
"center",
"left",
"center",
"center"
]
}
[/block]
Then, Carat Portal will send a POST HTTPS request (x-www-form-urlencoded) to the registered URL, this POST contains the information necessary to obtain the token to be used in generic operations.
**Authenticity POST Simulation:**
To use this example, don't forget to define the variable `{{url}}` with the value
****
```bash
curl -X POST \
https://merchantAuthenticityUrl.com \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'cache-control: no-cache' \
-d 'token=1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqr
```
> **Attention:** It's essential that the merchant's Authenticity URL site receives the authenticity token and return `HTTP 200`. It is condition to Carat Portal consider this POST as successful.
If the authenticity POST has been successful, Carat Portal will return merchant request with a `"responseCode": "0"` code.