# Authentication

Received's APIs use a **Bearer token** in the Authorization header for each request. This token is obtained after a successful login or registration process and must be securely stored by the client. Ensure the header format is "Authorization: Bearer \<your\_token\_here>", where "\<your\_token\_here>" is replaced with your actual token.

{% code title="Endpoint on this page" lineNumbers="true" %}

```javascript
POST https://api.received.ai/auth/login
POST https://api.received.ai/auth/logout
POST https://api.received.ai/auth/keys/generate
GET https://api.received.ai/auth/keys/list
DELETE https://api.received.ai/auth/user/<api_key
```

{% endcode %}

## Authenticate API user

Authenticate user and return JWT token for future requests. The JWT token is used to authenticate the user in the API Gateway.

### API Login

{% code lineNumbers="true" %}

```javascript
POST https://api.received.ai/auth/login
```

{% endcode %}

{% code lineNumbers="true" %}

```javascript
{
  "api_key": "{{api_key}}",
  "password": "{{api_password}}"
}
```

{% endcode %}

#### Responses

JWT token for future requests.

{% code title="Example:" overflow="wrap" lineNumbers="true" %}

```javascript
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjJ9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
```

{% endcode %}

#### Schema

<table><thead><tr><th width="172">Term</th><th width="127">Type</th><th width="204">Description</th><th>Example</th></tr></thead><tbody><tr><td><code>username</code><mark style="color:red;">*</mark></td><td><mark style="color:purple;">String</mark></td><td>API Key</td><td><pre class="language-json"><code class="lang-json">46SQZ49LT100U2QWQ3SI
</code></pre></td></tr><tr><td><code>password</code><mark style="color:red;">*</mark></td><td><mark style="color:purple;">String</mark></td><td>API Password</td><td>************</td></tr></tbody></table>

## API Key Generation

API keys serve as unique identifiers to authenticate API clients, ensuring that the client is authorized to access the requested resources. Upon successful login, the API issues a JWT (JSON Web Token) to the client, which encapsulates the user's identity and permissions in a secure format. This JWT can then be used for subsequent API calls, streamlining the authentication process and enhancing security by limiting exposure of sensitive credentials.

### Admin Login

{% code lineNumbers="true" %}

```javascript
POST https://api.received.ai/auth/login
```

{% endcode %}

{% code lineNumbers="true" %}

```javascript
{
  "email": "{{admin_email}}",
  "password": "{{admin_password}}"
}
```

{% endcode %}

#### Response

Cookie session for further requests with Admin permissions&#x20;

### Generating API key

{% code lineNumbers="true" %}

```javascript
POST https://api.received.ai/auth/keys/generate
```

{% endcode %}

#### Response

API keys are critical for securing access to web services, acting as unique identifiers for each user or application. To keep them safe, it's essential to store them securely, avoid sharing them publicly, and use environment variables or encrypted secrets management services to manage them in applications.

{% code lineNumbers="true" %}

```javascript
{
  "api_key": "{{api_key}}",
  "password": "{{api_password}}"
}
```

{% endcode %}

## Explore More APIs

Delves into additional authentication methods and initial setup instructions, broadening your integration capabilities and enhancing secure access

### Admin Logout

{% code lineNumbers="true" %}

```javascript
POST https://api.received.ai/auth/logout
```

{% endcode %}

### List API Keys

{% code lineNumbers="true" %}

```javascript
GET https://api.received.ai/auth/keys/list
```

{% endcode %}

{% code title="Response" lineNumbers="true" %}

```javascript
[
    {
        "api_key_ref": "{{api_key_ref}}",
        "api_key": "{{api_key}}"
    }
]
```

{% endcode %}

### Delete API key

{% code lineNumbers="true" %}

```javascript
DELETE https://api.received.ai/auth/user/<api_key_ref>
```

{% endcode %}