# Authentication

## Personal Access Keys

Personal access keys are used to authenticate requests to the Polyteia API. For more information about personal access keys and how to create them, please refer to the [Personal Access Keys](https://docs.polyteia.com/platform-docs/en/account/personal-access-keys-pak) section of the Polyteia documentation.

## How do they work?

When you create a personal access key, it basically impersonates your account. When you use it to authenticate a request, the request will be made as if it was made by your account. Your personal access key is like your account's password. It has the same permissions as your account. If you have access to a resource, your personal access key will also have access to that resource.

## Authentication Process

### <mark style="background-color:yellow;">Bearer Token Authentication</mark>

All API requests must be authenticated using a Bearer token in the Authorization header.

#### Parameters

* `Authorization` (required): The Bearer token in the format `Bearer <your_access_token>`
* `Content-Type` (required): Must be set to `application/json`

{% hint style="danger" %}
Make sure to save your personal access key token in a secure location. Once you leave the page, you will not be able to see it again. If you lose it, you will need to create a new one. If someone gets access to your personal access key token, they will be able to impersonate your account and make requests to the API. So, please be careful and save it in a secure location. If you ever think that your personal access key token is compromised, you can delete it and create a new one.
{% endhint %}

#### Example

```bash
curl -X POST 'https://app.polyteia.com/api' \
    -header "Content-Type: application/json" \
    -header "Authorization: Bearer <your_access_token>" \ // your personal access key token
    --data '{
        "command": "create_dataset",
        "params": {
            "name": "Customers List",
            "solution_id": "sol_cv33u4n0i6q45p93i930",
            "description": "Customers list 4",
            "source": "https://example.com/dataset.csv",
            "slug": "customers_list"
        }
    }'
```

#### Response

* `200 OK`: Request was successful
* `401 Unauthorized`: Invalid or missing authentication token
* `403 Forbidden`: Token is valid but doesn't have required permissions

{% hint style="info" %}
All API endpoints require authentication. Make sure to include the Authorization header in every request.
{% endhint %}