> ## Documentation Index
> Fetch the complete documentation index at: https://dev.smile.io/llms.txt
> Use this file to discover all available pages before exploring further.

# App authorization

Apps use an OAuth flow when being installed on a merchant's account. The OAuth flow results in the generation of an access token, which can then be used to make ongoing calls to Smile's [REST API](/api/introduction) on behalf of the authorized account. Read on to learn more about OAuth and how to make it work for your app.

<Columns cols={2}>
  <Card title="OAuth flow" icon="road-lock" href="/guides/apps/auth/oauth-flow" arrow="true">
    Learn how to connect and authorize your app with Smile and get credentials to make API calls on behalf of merchants.
  </Card>

  <Card title="OAuth errors" icon="hexagon-exclamation" href="/guides/apps/auth/oauth-errors" arrow="true">
    Learn errors work during the OAuth process and get clarity on what each error code means and what to do when it happens.
  </Card>
</Columns>

<Columns cols={2}>
  <Card title="Access scopes" icon="key" href="/guides/apps/auth/access-scopes" arrow="true">
    Learn about the permission model that dictates what resources an app has access to and what actions an app can perform.
  </Card>

  <Card title="Client secret rotation" icon="rotate" href="/guides/apps/auth/oauth-rotation" arrow="true">
    Learn how to rotate your app's client secret with zero downtime in the event that it's compromised or publicly exposed.
  </Card>
</Columns>
