> For the complete documentation index, see [llms.txt](https://api.docs.fan/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://api.docs.fan/readme.md).

# Overview

Fanatics ID is the authentication layer for the Fanatics ecosystem. It lets your application sign users in (or authenticate your servers) and obtain tokens that can be used to call our APIs.

There are **two ways to integrate**. Both require an OAuth 2.0 client to be set up first — see [Before you start](/before-you-start.md).

## Choose your integration path

<table><thead><tr><th width="180">Path</th><th>Web SSO (fanidui)</th><th>Native (Gateway)</th></tr></thead><tbody><tr><td><strong>Best for</strong></td><td>Apps that want Fanatics to host the full login &#x26; registration experience</td><td>Server-to-server access, and flows where one party requests access on behalf of another (e.g. QR / point-of-sale)</td></tr><tr><td><strong>How it works</strong></td><td>You redirect the user to our hosted login site; we redirect back with a code you exchange for tokens (OAuth 2.0 authorization code flow)</td><td>Your servers call our gateway directly using client credentials or an assertion</td></tr><tr><td><strong>User present?</strong></td><td>Yes — a real user logs in</td><td>Not necessarily — supports tokens not tied to a specific user</td></tr><tr><td><strong>Primary host</strong></td><td><code>id.fanatics.com</code></td><td><code>auth.apis.fan</code></td></tr><tr><td><strong>Start here</strong></td><td><a href="/pages/UqIsSSIcZO8z9dojoyZI">Web SSO → How it works</a></td><td><a href="/pages/1ta4AB7FOOpju8WWxauC">Native → How it works</a></td></tr></tbody></table>

Not sure which one fits your use case? Work with the Fan EcoSystem team to decide based on your integration.

Beyond these two paths, we also support [Assertions](/assertions/point-of-sale.md) — a way for an already-authenticated session to mint a short-lived, pre-authorized grant that another party can redeem for an access token without the user logging in again.

## What you'll do

1. [**Get an OAuth client**](/before-you-start.md) and provide your redirect URIs (and IP ranges for non-production access).
2. **Pick your path** above and follow its guide.
3. Use the returned access token as the `Authorization` header to call our APIs.

In a hurry? The [Quickstart (Web SSO)](/quickstart.md) walks the most common path end to end. See [Environments & Endpoints](/reference/environments.md) for hosts and access rules per environment.
