# Authentication

## Access token <a href="#access-token" id="access-token"></a>

All HTTP requests to the API must be authorized with a JWT access token via bearer authentication. The access token must be sent in the `Authorization` header. Example:

```
curl -H "Authorization: Bearer <token>" https://api.didomi.io/v1/properties
```

All API requests must be made over HTTPS. Calls made over plain HTTP will get a `301` response redirecting to their HTTPS equivalent. Calls without a valid authorization token will fail with a `401` error code.

## Authentication workflow <a href="#authentication-workflow" id="authentication-workflow"></a>

Start by connecting to the Didomi console. Navigate to the appropriate organization and go to `Settings/Private API keys`. There you will be able to generate a Private API key and a secret.

To generate an access token, send an HTTP `POST` request to `https://api.didomi.io/v1/sessions` with a JSON body containing the following values:

| Key      | Value           | Description                                                                   |
| -------- | --------------- | ----------------------------------------------------------------------------- |
| `type`   | api-key         | The type of authorization request (in this case, using an API key and secret) |
| `key`    | Your API key    | Use your Private API key                                                      |
| `secret` | Your API secret | Use the secret that you received when you generated your Private API key      |

The `/sessions` endpoint of the API is used to authenticate yourself and obtain a JSON Web Token that should be used for other API calls. All other API endpoints expect a JWT.

For a full reference of the endpoint and the resources that it returns, visit <https://api.didomi.io/docs/>.

{% hint style="warning" %}
We recommend caching and reusing tokens to avoid generating a new token for every API request.

Tokens will expire after 1 hour so, if you are running a long-term process, make sure to regenerate a new token regularly.
{% endhint %}

**Request example:**

```
curl --request POST --url 'https://api.didomi.io/v1/sessions' --header 'content-type: application/json' --data '{"type": "api-key", "key": "<Your API key>", "secret": "<Your API secret>"}'
```

The response will contain an `access_token` property with the token that you should use for authorizing further requests. If there is a problem authenticating you, a `400` error is returned.

**Response example:**

```
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
}
```


