# Authentication

> How to authenticate against the ION GraphQL API: API keys for machine-to-machine integrations and OAuth 2.0 for user-facing applications.

## Authentication methods

The ION GraphQL API supports two authentication methods: **API keys** for machine-to-machine integrations and **OAuth 2.0** for user-facing applications. Every request uses the same endpoint and `Authorization` header. Only the way you obtain the token differs.

## Endpoint and headers

Every authenticated request targets a single GraphQL endpoint. Include the access token on every request:

```http
POST /graphql HTTP/1.1
Host: api.firstresonance.io
Authorization: Bearer <token>
Content-Type: application/json
```

ION also accepts `Authorization: Token <token>` for backward compatibility. Prefer `Bearer`. For multipart file uploads, set `Content-Type: multipart/form-data`. Follow the flow in [File Upload](/api-reference/guides/file-upload).

## Troubleshooting

When ION rejects a request during authentication, the response carries an `errors[].message` payload:

```json
{
  "errors": [{ "message": "Token is expired." }]
}
```

For the full list of authentication failures and their fixes (`401 Unauthorized`, `403 Forbidden`, rate limits, and `5xx` errors), see [Error codes](/api-reference/error-codes).
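The following client-side sketch is an added example, not First Resonance's own code. It builds the `Bearer` request described under "Endpoint and headers" without sending it, keeps the token out of log output, and extracts `errors[].message` from a rejection body. The function names and the `{"query", "variables"}` request body (the usual GraphQL-over-HTTP shape) are assumptions not shown on this page.

```python
import json
import urllib.request

# Host and path as shown in the request sample on this page.
ION_ENDPOINT = "https://api.firstresonance.io/graphql"


def build_request(query, token, variables=None):
    """Build (but do not send) an authenticated GraphQL POST."""
    # Tokens read from files or env vars often carry a trailing newline;
    # reject it here instead of emitting a malformed Authorization header.
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("token is empty or contains whitespace")
    # Standard GraphQL-over-HTTP JSON body (assumption: not shown on the page).
    body = json.dumps({"query": query, "variables": variables or {}}).encode()
    return urllib.request.Request(
        ION_ENDPOINT,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


def redacted_headers(req):
    """Return the request headers in a form that is safe to log."""
    return {
        name: "Bearer <redacted>" if name.lower() == "authorization" else value
        for name, value in req.header_items()
    }


def error_messages(raw_body):
    """Collect errors[].message strings; tolerate non-JSON bodies."""
    try:
        doc = json.loads(raw_body)
    except (TypeError, ValueError):
        return []
    errors = doc.get("errors") if isinstance(doc, dict) else None
    if not isinstance(errors, list):
        return []
    return [e["message"] for e in errors
            if isinstance(e, dict) and isinstance(e.get("message"), str)]


# Constructed sample: the rejection payload shown in the Troubleshooting section.
SAMPLE_REJECTION = '{"errors": [{"message": "Token is expired."}]}'
```

Pass the built request to `urllib.request.urlopen` to send it, and log `redacted_headers(req)` instead of the raw headers.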

## Related

* [Manage API keys](/api-reference/authentication/api-keys)
* [Authenticate with OAuth 2.0](/api-reference/authentication/oauth)
* [Getting started](/api-reference/getting-started)
* [Error codes](/api-reference/error-codes)
