# Authenticate with the API

> **Audience**: All Immuta Users
>
> **Content Summary**: Calls to the Immuta API require authentication. This page includes the API key authentication endpoint, request and response parameters, and example requests and responses for API authentication.

## Workflow

There are two methods for making an authenticated request to the Immuta API.

* [**API Key Method**](#api-key-method):
  * Generate an API key.
  * Pass your API key in the Authorization header when making a request.
* [**Bearer Token Method**](#bearer-token-method):
  * Generate an API key.
  * Make a request to the `authentication` endpoint to receive a bearer token.
  * Include the bearer token in the Authorization header when making a request. This token should be used for multiple requests until it expires. **Once a token expires, users must authenticate again to get a new token**. When a request uses an expired token, the request will return with a `401` status code.

## API Key Method

1. Generate your API key on the **API Keys** tab on your profile page and save the API key somewhere secure.
2. You will pass this API key in the authorization header when you make a request, as illustrated in the example below:

   ```shell
   curl \
       --request GET \
       --header "Content-Type: application/json" \
       --header "Authorization: 846e9e43c86a4ct1be14290d95127d13f" \
       https://your-immuta-url.immuta.com/audit
   ```

## Bearer Token Method

1. Generate your API key on the **API Keys** tab on your profile page and save the API key somewhere secure.
2. Save your API key in a .json file.

   ```json
   {
     "apikey": "846e9e43c86a4ct1be14290d95127d13f"
   }
   ```
3. Make the following request to the `authentication` endpoint:

   ```shell
   curl \
       --request POST \
       --header "Content-Type: application/json" \
       --data @example_payload.json \
       https://your-immuta-url.immuta.com/bim/apikey/authenticate
   ```
4. You will receive a response that includes your bearer token. Pass that bearer token in the Authorization header when you make a request, as illustrated in the example below:

   ```shell
   curl \
       --request GET \
       --header "Content-Type: application/json" \
       --header "Authorization: Bearer dea464c07bd07300095caa8" \
       https://demo.immuta.com/audit
   ```