# Request Authentication

## Creating an API key

To create an API key, see the instructions [here](/getting-started.md).

## Available methods

Almost all endpoints require authorization for access. You can authorize either be providing a static API key in your request, or by using an access token (JWT).

{% hint style="info" %}
Unless specifically indicated, all endpoints require use of one of the available authentication methods.
{% endhint %}

### Using API Keys

To authorize using an API key, include a query string parameter named `apiKey` in your request:

```javascript
axios({
	"method": "GET",
	"url": "[API_ENDPOINT]",
	"params": {
		"apiKey": "[YOUR_API_KEY]"
	}
})
```

```shell
curl "[API_ENDPOINT]?apiKey=[YOUR_API_KEY]"
```

{% hint style="info" %}
Make sure to replace `YOUR_API_KEY`with your API key.
{% endhint %}

You can use an API key to access the API. You can create a new API key in our [developer console](https://www.radiantdrift.com/console) (see [instructions](/getting-started.md)).

Radiant Drift accepts valid API keys included as a URL parameter in an request, as shown:

`...?apiKey=[YOUR_API_KEY]`

You must replace `YOUR_API_KEY` with your personal API key.Be sure to keep your API keys secure. Rotate them appropriately and configure appropriate restrictions to ensure they cannot be abused.

### Using Access Tokens

For additional security, you can obtain an access token in the form of a [JSON web token](https://en.wikipedia.org/wiki/JSON_Web_Token) using your account ID and an API key. The JWT so obtained can then be used to authorize multiple requests. This avoids the need to include the actual API key in every request. It also avoids an additional lookup on the server to fetch your API key details, which may result in marginally improved response times.

Use of the access token is subject to the same restrictions as those of the API key used to obtain it (i.e. allowed IP addresses and allowed origins).

### Obtaining an access token

{% hint style="info" %}
In our [OpenAPI spec](/getting-started/openapi-specification.md), this security scheme is named `radiantDriftAuth`. It is only used in conjunction with obtaining an access token (JWT)
{% endhint %}

{% openapi src="<https://api.radiantdrift.com/openapi/0.18.3.json>" path="/auth/access-token" method="get" %}
<https://api.radiantdrift.com/openapi/0.18.3.json>
{% endopenapi %}

To obtain an access token, make the following request:

{% code lineNumbers="true" %}

```javascript
axios({
	"method": "GET",
	"url": "http://api.radiantdrift.com/auth/access-token",
	"headers": {
		"Authorization": "RadiantDriftAuth [YOUR_ACCOUNT_ID]:[YOUR_API_KEY]"
	}
})
```

{% endcode %}

{% code lineNumbers="true" %}

```shell
curl "https://api.radiantdrift.com/auth/access-token" \
     -H 'Authorization: RadiantDriftAuth [YOUR_ACCOUNT_ID]:[YOUR_API_KEY]' 
```

{% endcode %}

Response:

{% code lineNumbers="true" %}

```json
// The token is returned as a field in the response body
{
  "success": true,
  "token": "[YOUR_ACCESS_TOKEN]"
}
```

{% endcode %}

{% hint style="info" %}
Make sure to replace `YOUR_ACCOUNT_ID` with your account ID and `YOUR_API_KEY` with your API key.
{% endhint %}

To obtain an access token, send a request to the access token end point, including an authorization header constructed from your account ID and API key.

Access tokens are valid for 15 minutes from the time of issue and can be used for multiple subsequent requests.

### Making a request with an access token

To authorize a request using an access token, include it shown:

{% code lineNumbers="true" %}

```javascript
axios({
	"method": "GET",
	"url": "https://api.radiantdrift.com/[API_ENDPOINT]",
	"headers": {
		"Authorization": "RadiantDriftAuth [YOUR_ACCESS_TOKEN]"
	}
})
```

{% endcode %}

{% code lineNumbers="true" %}

```shell
curl "https://api.radiantdrift.com/[API_ENDPOINT]" \
     -H 'Authorization: RadiantDriftAuth [YOUR_ACCESS_TOKEN]'
```

{% endcode %}

Response:

```json_doc
// Response varies based on the selected end point - see below
```

Make sure to replace `YOUR_ACCESS_TOKEN` with the response received to a successful access token request (see 'Obtaining an access token').

To make an authorized request using an access token, include it in the request Authorization header as shown:

```
Authorization: RadiantDriftAuth [YOUR_ACCESS_TOKEN]
```

### Authentication Failures

If your authentication is invalid (e.g. bad API key, expired JWT, JWT cannot be validated), you will receive a `401 Not Authorized` error. The response body may contain additional information as to why the request failed.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.radiantdrift.com/getting-started/request-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.