# Authentication

The OLI API supports two authentication methods: **Bearer Tokens** and **API Keys**. Each serves distinct purposes and is suited for different use cases. This summary provides an overview of both methods, highlighting their advantages and best practices.

## **Bearer Tokens**

#### **Overview**

Bearer tokens are short-lived credentials obtained through authentication using a username and password. They are required to access API endpoints and are used to generate API keys.

#### **Key Characteristics**

* **Authentication Flow**: Requires a username, password, and client credentials to obtain the token.
* **Time-Limited**: Typically valid for 24 hours.
* **Usage**: Ideal for manual or interactive sessions where a user logs in to perform actions.
* **Rate-Limited**: The token generation process is subject to rate limits, ensuring fair usage and preventing abuse.

***

## **API Keys**

#### **Overview**

API keys are long-lived credentials generated by authenticated users. They are designed for automated scenarios, such as scheduled tasks or system-to-system communication.

#### **Key Characteristics**

* **Generated Using Bearer Tokens**: API keys are created via a dedicated endpoint after bearer token authentication.
* **Time-Limited**: Can have custom expiration dates to control their validity period.
* **Flexible**: Can be named for easy identification and managed (listed or deleted) through the API.
* **Usage**: Ideal for automated processes to reduce the need for frequent authentication.

***

## **Why Use API Keys for Automation?**

* **Reduced Transaction Overhead**:
  * Eliminates the need to repeatedly authenticate via bearer token, reducing login-related delays.
* **Rate Limitation Avoidance**:
  * Avoids frequent login attempts that are subject to rate limits, making it more suitable for high-frequency operations.
* **Custom Expiry**:
  * API keys can be configured with specific expiration dates to control access duration.
* **Scalability**:
  * Simplifies integration with applications that need persistent, secure access to the API.

***

### **Best Practices for Using API Keys**

1. **Set Expiry Dates**:
   * Use a reasonable expiration period to limit how long a compromised key remains usable.
2. **Limit Active Keys**:
   * Each user can have up to 5 active keys. Regularly review and delete unused keys.
3. **Secure Storage**:
   * Store API keys securely. They are displayed only once during generation.
4. **Rotate Keys Periodically**:
   * Replace keys on a regular schedule so that a key exposed without your knowledge stops working.
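
The practices above can be checked mechanically against a user's key inventory. The following is an added example, not OLI's code: it plans deletions and rotations and flags the case where the 5-key cap leaves no free slot to issue a replacement before the old key is removed. The record fields (`name`, `created`, `expires`, `last_used`) and the 90/14/30-day thresholds are assumptions; only the cap of 5 comes from this page.

```python
from datetime import datetime, timedelta, timezone

MAX_ACTIVE_KEYS = 5                  # per-user cap stated on this page
MAX_LIFETIME = timedelta(days=90)    # assumption: local policy, not an OLI limit
ROTATE_WITHIN = timedelta(days=14)   # assumption: rotate this long before expiry
STALE_AFTER = timedelta(days=30)     # assumption: idle this long means delete

def classify(key, now):
    """Return (action, reason) for one key record, or None if it is healthy."""
    expires = key["expires"]
    last_seen = key["last_used"] or key["created"]
    if expires is not None and expires <= now:
        return "delete", "expired"
    if now - last_seen > STALE_AFTER:
        return "delete", "unused"
    if expires is None:
        return "rotate", "no-expiry"
    if expires - key["created"] > MAX_LIFETIME:
        return "rotate", "lifetime-too-long"
    if expires - now <= ROTATE_WITHIN:
        return "rotate", "expiring-soon"
    return None

def audit_keys(keys, now):
    """Plan deletions and rotations for one user's keys under the 5-key cap."""
    plan = {"delete": [], "rotate": [], "reasons": {}}
    for key in keys:
        verdict = classify(key, now)
        if verdict:
            action, reason = verdict
            plan[action].append(key["name"])
            plan["reasons"][key["name"]] = reason
    # A safe rotation issues the replacement before deleting the old key, so
    # it needs a free slot once the deletions above have been carried out.
    remaining = len(keys) - len(plan["delete"])
    plan["rotation_blocked"] = bool(plan["rotate"]) and remaining >= MAX_ACTIVE_KEYS
    return plan

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)   # constructed reference time
def days_from_now(n):
    return NOW + timedelta(days=n)
# Constructed inventory; the field names are hypothetical, not the API's schema.
SAMPLE_KEYS = [
    {"name": "nightly-etl", "created": days_from_now(-80), "expires": days_from_now(10), "last_used": days_from_now(-1)},
    {"name": "ci-runner", "created": days_from_now(-200), "expires": None, "last_used": days_from_now(-2)},
    {"name": "old-poc", "created": days_from_now(-120), "expires": days_from_now(-30), "last_used": days_from_now(-90)},
    {"name": "reporting", "created": days_from_now(-10), "expires": days_from_now(50), "last_used": days_from_now(-3)},
    {"name": "scratch", "created": days_from_now(-60), "expires": days_from_now(20), "last_used": None},
]
```

Calling `audit_keys(SAMPLE_KEYS, NOW)` returns the plan; when `rotation_blocked` is true, delete an unused key first or keep one slot permanently free for rotation.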

***

### **When to Use Which?**

* **Bearer Tokens**:
  * Best for **interactive sessions** or when initial authentication is required (e.g., generating API keys).
* **API Keys**:
  * Best for **automated systems** or when long-term access without frequent authentication is required.

By combining bearer tokens for initial authentication and API keys for ongoing automated operations, you can optimize security and performance while adhering to best practices.
