diff --git a/app/config.py b/app/config.py
index db761e8..4af7a8d 100644
--- a/app/config.py
+++ b/app/config.py
@@ -58,6 +58,8 @@ class Config:
     BANK_CALL_COLLECT_LOAN_ENDPOINT = os.getenv("BANK_CALL_COLLECT_LOAN_ENDPOINT","/CollectLoan")
     BANK_CALL_TRANSACTION_VERIFY = os.getenv("BANK_CALL_TRANSACTION_VERIFY", "/TransactionVerify")
     BANK_HEALTH_CHECK_ENDPOINT = os.getenv("BANK_HEALTH_CHECK_ENDPOINT", "/system-health-check")
+    BANK_CALL_AUTH_ENDPOINT = os.getenv("BANK_CALL_AUTH_ENDPOINT", "/api/Auth/generate-token")
+    BANK_GRANT_TYPE = os.getenv("BANK_GRANT_TYPE", "password")
     TEST_NO = os.getenv("TEST_NO", "2347038224367")
 
 settings = Config()
diff --git a/app/utils/auth.py b/app/utils/auth.py
index 0523774..a421ea1 100644
--- a/app/utils/auth.py
+++ b/app/utils/auth.py
@@ -1,9 +1,42 @@
 from app.config import settings
-
+import requests
+from app.utils.logger import logger
 
 def get_headers():
-    return {
-        "Content-Type": "application/json",
-        "x-api-key": settings.BANK_CALL_API_KEY,
-        "App-Id": settings.BANK_CALL_APP_ID,
+    BANK_CALL_BASE_URL = settings.BANK_CALL_BASE_URL
+    BANK_CALL_AUTH_ENDPOINT = settings.BANK_CALL_AUTH_ENDPOINT
+    BANK_CALL_BASIC_AUTH_USERNAME = settings.BANK_CALL_BASIC_AUTH_USERNAME
+    BANK_CALL_BASIC_AUTH_PASSWORD = settings.BANK_CALL_BASIC_AUTH_PASSWORD
+    BANK_GRANT_TYPE = settings.BANK_GRANT_TYPE
+
+    url = f"{BANK_CALL_BASE_URL}{BANK_CALL_AUTH_ENDPOINT}"
+    data = {
+        "grant_type": BANK_GRANT_TYPE,
+        "username": BANK_CALL_BASIC_AUTH_USERNAME,
+        "password": BANK_CALL_BASIC_AUTH_PASSWORD,
     }
+
+    try:
+        response = requests.post(url, data=data, timeout=10)
+        response.raise_for_status()  # Raises HTTPError for 4xx/5xx
+        result = response.json()
+        logger.info(f"Bank Call Auth Response: {result}")
+
+        # Check if access_token is present
+        if 'access_token' not in result:
+            logger.error("No access_token found in Bank Call Auth response")
+            return {"error": "Authentication failed: no access_token returned"}
+
+        return {
+            "Content-Type": "application/json",
+            "x-api-key": settings.BANK_CALL_API_KEY,
+            "App-Id": settings.BANK_CALL_APP_ID,
+            "Authorization": result['access_token']  # no Bearer
+        }
+
+    except requests.exceptions.RequestException as e:
+        logger.error(f"Failed to get auth token: {e}")
+        return {"error": "Authentication request failed"}
+    except ValueError as e:
+        logger.error(f"Failed to parse auth response JSON: {e}")
+        return {"error": "Invalid authentication response"}