# Authentication

## 1. **Overview**

This API uses Bearer authorization with an API key to authenticate API requests and ensure data privacy. All requests must be authenticated with a valid token.

## 2. **Authentication Methods**

* **API Keys**
  * **Key Location**: In request header
  * **Example**: `Authorization: Api-Key {your-api-key}`

## 3. **Obtaining Tokens**

1. Log In to the [Aitomatic DXA Factory](https://aiko.aitomatic.com/)
2. Choose Your Workspace
3. Access Workspace Settings
4. Navigate to the API Key tab
5. Generate a New API Key

<figure><img src="https://3519660898-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FCWpyD5pRWmqCpQjGz9ic%2Fuploads%2FwtqRBuwCQrzLOsfYh5rc%2FGet%20API%20Key.gif?alt=media&#x26;token=ba6e9ed8-aaaa-49b5-8ade-4e63e245c23c" alt=""><figcaption></figcaption></figure>

## 4. **Using Tokens**

**Example:**

* **Bearer Token**\
  Pass the access token in the `Authorization` header using the Bearer schema:

  ```http
  Authorization: Bearer {access_token}
  ```

## 6. **Error Responses**

TBD

**Example:**

* **401 Unauthorized**: Returned when the token is invalid or missing.
* **403 Forbidden**: Returned when the token is valid but lacks required permissions.

**Example Error Response:**

```json
{
  "error": "invalid_token",
  "error_description": "The access token expired"
}
```
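
Client-side handling of the header formats and error responses described above, as an added example that is not Aitomatic's own code: it builds the `Authorization` header in either scheme shown on this page, refuses non-HTTPS URLs, redacts the key for logging, and maps the documented 401/403 responses to a client action. The function names are hypothetical, and the URL and key are constructed placeholders.

```python
import json
import urllib.request

# The two header schemes this page shows.
SCHEMES = ("Api-Key", "Bearer")


def auth_header(secret, scheme="Api-Key"):
    """Build the Authorization header; reject values that could split the header."""
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    if not secret or any(c.isspace() for c in secret):
        raise ValueError("API key is empty or contains whitespace")
    return {"Authorization": f"{scheme} {secret}"}


def build_request(url, secret, scheme="Api-Key"):
    """Prepare (not send) a request; refuse plain HTTP so the key is never sent in cleartext."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    return urllib.request.Request(url, headers=auth_header(secret, scheme))


def redact(headers):
    """Return a copy of the headers that is safe to log: scheme kept, secret hidden."""
    return {
        name: value.split(" ", 1)[0] + " ****" if name.lower() == "authorization" else value
        for name, value in headers.items()
    }


def classify_error(status, body):
    """Map the 401/403 responses documented on this page to a client action."""
    try:
        parsed = json.loads(body)
    except json.JSONDecodeError:
        parsed = None
    code = parsed.get("error", "unknown") if isinstance(parsed, dict) else "unknown"
    if status == 401:
        return f"reauthenticate ({code})"  # token invalid or missing
    if status == 403:
        return f"check permissions ({code})"  # token valid, lacks permission
    return f"unhandled status {status} ({code})"


if __name__ == "__main__":
    # Constructed key and placeholder URL; neither comes from the page.
    req = build_request("https://api.example.invalid/v1/ping", "constructed-sample-key")
    print(redact(dict(req.header_items())))
    print(classify_error(401, '{"error": "invalid_token", "error_description": "The access token expired"}'))
```

In a real client, load the key from a secret store or environment variable rather than a literal, and pass only the `redact()` output to logs.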
