# Authentication

In order to access and interact with our API endpoints, authentication is required using the JSON Web Token ([JWT ↗](https://jwt.io/)) standard.

This page will guide you through the process of obtaining and attaching the JWT token to your requests' headers. The JWT token serves as a secure and efficient way to verify the identity of the user and authorize access to protected resources.

By following the instructions provided here, you will be able to successfully authenticate your requests and ensure the security of your interactions with our API. Let's dive in and explore the details of the authentication process.

### Create API operator [​](https://help.enterprise.ledger.com/api-documentation-v2/guides/broken-reference) <a href="#create-api-operator" id="create-api-operator"></a>

Follow the [official documentation ↗](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/docs/get-started/api_user/register_api_users/) to create API operator, and save the generated credentials:

* `API Key ID`
* `API Key secret`

### Request a JWT [​](https://help.enterprise.ledger.com/api-documentation-v2/guides/broken-reference) <a href="#request-a-jwt" id="request-a-jwt"></a>

You can exchange `API Key ID` + `API Key secret` for a valid [JWT ↗](https://jwt.io/) on the target `workspace`:

bash

```
curl $API_BASE_URL/auth/token \
  -H "Content-Type: application/json" \
  -X POST --data '{
    "workspace": "<workspace>",
    "apiKeyId": "<api-key-id>",
    "apiKeySecret": "<api-key-secret>"
  }'
```

Response will look like:

json

```
{
  "accessToken": "eyJhbGci...ZDi022eQ",
  "expiresInSeconds": 300,
  "refreshToken": "eyJhbGci...zj9YL6Ow",
  "refreshExpiresInSeconds": 1800
}
```

The `accessToken` key contains the JWT.

### Use the JWT in headers [​](https://help.enterprise.ledger.com/api-documentation-v2/guides/broken-reference) <a href="#use-the-jwt-in-headers" id="use-the-jwt-in-headers"></a>

Attach the JWT to requests like this:

bash

```
JWT="eyJhbGci...ZDi022eQ"
curl -H "Authorization: Bearer $JWT" $API_BASE_URL/users/me
```

### Refresh the JWT [​](https://help.enterprise.ledger.com/api-documentation-v2/guides/broken-reference) <a href="#refresh-the-jwt" id="refresh-the-jwt"></a>

You can obtain new JWT without exchanging API credentials again and rather just exchanging `refreshToken` :

bash

```
curl $API_BASE_URL/auth/token/refresh \
  -H "Content-Type: application/json" \
  -X POST --data '{
    "workspace": "<workspace>",
    "refreshToken": "eyJhbGci...zj9YL6Ow",
  }'
```

The response will have exactly same structure as the `/auth/token` response (see [Request a JWT](https://about/revault/docs/authentication#request-a-jwt)).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.enterprise.ledger.com/api-documentation-v2/guides/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.