> ## Documentation Index
> Fetch the complete documentation index at: https://sendcloud.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

## Before you begin

Before you can start making requests towards Sendcloud APIs, [register a Sendcloud account](/docs/getting-started), and [obtain your Public and Secret API keys](/docs/getting-started/how-to-create-your-api-keys) in order to authenticate your requests.

When adding an API integration in the Sendcloud platform, take a look at the following settings:

* **Service Points**: allows the API integration to be used in `servicepoint.sendcloud.sc` API.
* **Use OAuth2 authentication**: enforces the integration to use OAuth2 authentication instead of basic, otherwise it fails.
  <Note>OAuth2 authentication is currently available as a beta feature for a limited number of clients.</Note>

## Basic Authentication

Sendcloud uses [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) for authenticating requests for APIs, where your username is your **Public Key** and your password is your **Private Key** as provided for your integration.

<Danger>Do not share your Private API keys in publicly accessible areas such as GitHub, client-side code, etc.</Danger>

### Authenticating your requests

Once you have obtained your Public and Private keys, start authenticating your requests. To do this, include your keys in your requests.

```sh Example request using curl theme={null}
curl --location 'https://panel.sendcloud.sc/api/v2/parcels' \
--header 'Accept: application/json' \
--header 'Authorization: Basic <base64-encoded-token>'
```

The `Authorization` header value is constructed by combining the API keys (base64-encoded) separated by a colon (`:`).

While this example uses `curl`, you can use any programming language or HTTP client that supports setting HTTP headers to make authenticated requests to the Sendcloud API.

## OAuth2 authentication (beta)

<Note>
  OAuth2 authentication is currently available as a beta feature for a limited number of clients. Following this beta
  phase, we are planning a gradual rollout of the OAuth2 authentication feature to all users. Our aim is to ensure a
  smooth transition and to continue providing an optimal user experience throughout the process.
</Note>

[OAuth2](https://en.wikipedia.org/wiki/OAuth) provides a token-based authentication mechanism. Obtain an access token by authenticating with the OAuth2 server, then include the obtained token in the `Authorization` headers of your API requests.

To generate an API integration for OAuth2, tick the **Use OAuth2 authentication** checkbox when [creating it in the Sendcloud platform](https://app.sendcloud.com/v2/settings/integrations/manage).

```sh Example request using curl theme={null}
# Generate an OAuth2 access token
curl -X POST --location "https://account.sendcloud.com/oauth2/token" \
  --header "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&scope=api" \
  --basic --user your_sendcloud_public_key:your_sendcloud_private_key
```

The response for the above request will be similar to the following:

```json Response body theme={null}
{
  "access_token": "ory_at_dK...",
  "expires_in": 3599,
  "scope": "api",
  "token_type": "bearer"
}
```

This request returns an `access_token`, which you can use in subsequent API requests:

```sh Example request using curl theme={null}
# Make a request to the Sendcloud API using OAuth2 authentication
curl --location "https://panel.sendcloud.sc/api/v2/user" \
  --header "Authorization: Bearer ${access_token}"
```