# Authentication

> How to obtain a bearer token to call the Flowkiwi APIs.

Every request to the Flowkiwi APIs is authenticated with an OAuth 2.0 **bearer token**, sent as:

```
Authorization: Bearer <token>
```

There are two ways to get one.

## User token

A **user token** authenticates you as a partner - the same identity you have when you sign in to the partner app. Use it to explore the API and to follow the [guides](/guides/).

You don't need to leave the docs to get one: on any endpoint page, the **Access token** field in the right-hand panel has a **Log in with Flowkiwi** button. Sign in once and your token is filled in automatically on every endpoint page and substituted into the `{token}` placeholder of every cURL example. You can also paste a token by hand into that field.

> **Treat it like a password**
>
> A user token grants access to your account. Don't share it, commit it, or paste it into untrusted tools. It is short-lived and tied to your session.

Ready to try it? Head to the reference:

- **[Product Management API](/api/product-management/products/)** - products, variants, options, collections and channel-aware pricing.
- **[Identity API](/api/identity/organizations/)** - organizations, instances and members.

## Integration token (machine-to-machine)

For production, server-to-server access you'll use an **integration** instead of a personal user token: an integration carries its own credentials (a client id and secret) that you exchange for a token, independent of any one partner's session.

> **Coming next**
>
> Integration credentials and the machine-to-machine token exchange are being documented next. For now, use a user token.