# Authentication

The Nuvio API uses token-based authentication: you authenticate each API request by sending your token as a Bearer token in the HTTP `Authorization` header.

All API requests must be authenticated and made through HTTPS. Any request that doesn't include a Bearer Token will return an error.

Example:

```sh
curl https://app.nuvio.io/v1/{method} \
  -H "Authorization: Bearer YOUR_TOKEN"
```

## Get your Access Token

You can generate an API access token from the <mark style="color:orange;">`Nuvio Settings -> Company Settings -> Developers`</mark> tab at any time.

{% hint style="warning" %}
**Be careful:** Access tokens belong to company workspaces, not to users. Any company admin user can create a new access token, and that token continues to work until it is deleted, **even if the user who created it is no longer an active user.**
{% endhint %}

{% hint style="warning" %}
Please be sure to keep your API access tokens secure! Do not share them in emails, chat messages, client-side code or publicly accessible sites.

If you have accidentally shared an API access token publicly, you can revoke it in the Developer tab under Nuvio Platform's company settings.
{% endhint %}
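
The wrapper below is an added example, not Nuvio's own code. It applies the two rules above (HTTPS only, token kept out of shared places) on the client side. The `NUVIO_TOKEN` environment variable, the function names and the `some/method` path are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not Nuvio's own code. Assumptions: token comes from the
# NUVIO_TOKEN environment variable; all function names are hypothetical.
NUVIO_BASE="https://app.nuvio.io/v1"

# Accept only bearer-token characters (RFC 6750 b64token character set). This
# rejects empty values and quotes, spaces or newlines that could alter the config.
nuvio_token_ok() {
    case "$1" in
        ""|*[!A-Za-z0-9._~+/=-]*) return 1 ;;
    esac
    return 0
}

# Turn an endpoint path into a full URL; refuse absolute URLs and odd characters
# so the token can only ever be sent to the fixed HTTPS base above.
nuvio_url() {
    case "$1" in
        ""|/*|*[!A-Za-z0-9/_-]*) return 1 ;;
    esac
    printf '%s/%s\n' "$NUVIO_BASE" "$1"
}

# Emit a curl config. printf is a shell builtin, so the token is written to a
# pipe and never appears in a process argument list.
nuvio_curl_config() {
    nuvio_token_ok "$1" || return 1
    printf 'proto = "=https"\n'     # refuse any non-HTTPS transfer
    printf 'fail\nsilent\nshow-error\n'
    printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# GET an endpoint, e.g.: nuvio_get "some/method" (placeholder path).
nuvio_get() {
    nuvio_token_ok "${NUVIO_TOKEN:-}" || {
        echo "NUVIO_TOKEN is missing or malformed" >&2; return 2; }
    url=$(nuvio_url "$1") || { echo "invalid endpoint path" >&2; return 2; }
    nuvio_curl_config "$NUVIO_TOKEN" | curl --config - "$url"
}
```

Load `NUVIO_TOKEN` from a secret store or a file readable only by the calling user rather than typing it on the command line.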

## Scopes

API access tokens work only within the scopes granted to them. You select the API scopes when creating your API access token in the Nuvio Dashboard.

For example, to add a new income or expense to Nuvio via the API, the token must have the <mark style="color:orange;">`WRITE`</mark> scope. Check the [**Scopes**](#scopes) page to learn which scope grants access to which resources and endpoints.

