# Authentication

All requests to the API require authentication.

opsnow\.io uses a Bearer token for this purpose. Include the token in the request header as follows:

```javascript
Authorization: Bearer YOUR_TOKEN_HERE
```

For security reasons, keep the access token confidential.

Avoid hardcoding it directly into the application or exposing it in client-side scripts.

### User Authentication Method

opsnow\.io issues an API key after the user authentication process during the login. Subsequently, you can obtain an access token to make API calls.

#### Step 1. Request for API Key Issuance

* Access the [opsnow360.io](https://app.opsnow360.io/settings/api-key) service and request the issuance of an API Key.
* The requested user information is verified, and an API Key will be issued

#### Step 2. Request for Access Token Issuance

* Using the API Key obtained in Step 1, request for access token issuance.
* If the request for access token issuance is processed successfully, the access token and its expiration time (3600s) are returned.

```sh
curl -X POST "https://api.opsnow360.io/platform/v2/identity/api-keys/token" \
-H "Content-Type: application/json" \
-d '{"apiKey":"YOUR_API_KEY"}'
```

#### Step 3. API Call

* With the access token obtained in Step 2, you can use opsnow\.io's actual API.
* The issued access token follows the Bearer token method, explicitly stating the Bearer string and transmitting the access token.
* If the access token's validity period expires, access token reissuance is necessary.