# API Authentication

All requests to the API require proper authentication. This page describes two authentication methods for accessing API endpoints: **Bearer Token Authentication** and **API Key Authentication**.

#### Authentication Flow

To authenticate, users must send a POST request to the login endpoint with their credentials in the request body. On successful authentication, the server returns a **Bearer token**.

## Authentication process

**Bearer authentication** (also called token authentication) is used:

```
Authorization: Bearer
```

The following options are available for obtaining a Bearer token.

## User authentication process

#### Field Descriptions

| Option | Type | Description |
| --- | --- | --- |
| `access_token` | string | A token to be used in the `Authorization` header of subsequent API requests – **Bearer token**. |
| `expires_in` | integer | Token validity in seconds (e.g., 3600 = 1 hour). |
| `refresh_token` | string | Token used to obtain a new `access_token` without re-authentication. |

## Client authentication process

This method is used for application-to-application connections or integrations.

**Important**

If you don't have an API key, please contact your partner to get it before making requests using this method.

#### Usage

Once authenticated, include the `access_token` (Bearer token) in the `Authorization` header for all subsequent requests.

#### Notes

- API Key: Ensure the API key is securely stored and transmitted over HTTPS to avoid interception by unauthorized parties.
- `refresh_token` should be securely stored to enable token refresh without user login.

## General notes

The following request headers remain the same throughout the process. The `Content-Type` header has to be set to `application/json; charset=UTF-8`.

```
Authorization: Bearer {identifier.access_token}
Content-Type: application/json; charset=UTF-8
X-TENANT-ID: {tenant_tag}
```

In the provided examples, `Authorization: Bearer ` is equivalent to `Authorization: Bearer {identifier.access_token}`.
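
A client-side holder for the login response fields and request headers described above, as an added example that is not part of the original documentation. The class name `TokenSession`, the 30-second refresh margin, the sample values and any URL passed to it are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample login response; the values are made up for this example.
SAMPLE = {"access_token": "tok-EXAMPLE", "expires_in": 3600, "refresh_token": "ref-EXAMPLE"}


@dataclass
class TokenSession:  # hypothetical helper name, not part of the API
    tenant_tag: str
    access_token: str = field(repr=False)   # excluded from repr() so it cannot leak into logs
    refresh_token: str = field(repr=False)
    expires_at: float = 0.0                 # absolute expiry on the same clock as `now`
    SKEW = 30  # seconds; assumed safety margin, the API does not specify one

    @classmethod
    def from_login_response(cls, body, tenant_tag, now=None):
        now = time.monotonic() if now is None else now
        token, ttl, refresh = (body.get(k) for k in ("access_token", "expires_in", "refresh_token"))
        if not all(isinstance(v, str) and v for v in (token, refresh)):
            raise ValueError("login response is missing access_token or refresh_token")
        if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
            raise ValueError("expires_in must be a positive integer number of seconds")
        if any(c.isspace() for c in token + tenant_tag):
            raise ValueError("whitespace in a header value")  # blocks CR/LF header injection
        return cls(tenant_tag, token, refresh, now + ttl)

    def needs_refresh(self, now=None):
        now = time.monotonic() if now is None else now
        return now >= self.expires_at - self.SKEW

    def headers_for(self, url, now=None):
        # The token is only attached to HTTPS requests, per the Notes section.
        if urlsplit(url).scheme != "https":
            raise ValueError("refusing to send a Bearer token over a non-HTTPS URL")
        if self.needs_refresh(now):
            raise RuntimeError("access_token expired or about to expire; refresh first")
        return {
            "Authorization": f"Bearer {self.access_token}",
            "Content-Type": "application/json; charset=UTF-8",
            "X-TENANT-ID": self.tenant_tag,
        }
```
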