# Authentication

{% hint style="info" %}
*The environment is located at* [*https://app.mluvii.com/api*](https://app.mluvii.com/api) *(in the case of the on-premise variant https\://{your\_domain}/API). You can authenticate yourself using one of the methods listed in the* [*Authentication*](#authentication) *section and call the API directly from the portal by clicking the button next to the specific API method.*
{% endhint %}

#### Authentication <a href="#authentication" id="authentication"></a>

If you want to call the Public API interface, you must first have a JWT token from the authentication server. The token is valid for 1 hour, after which it has to be updated (issued again).

**Mluvii Public API allows 2 ways how you can authorize yourself following the** [**OAuth 2.0 standard**](https://datatracker.ietf.org/doc/html/rfc6749)**.**

1. Generated API username and password (client\_credentials).
2. Login via the login screen (OpenID Connect)

## **API username and password**

### **Step 1**

Generate the new API password from the mluvii administration interface.

### **Step 2**

Use the generated password to call the authentication server.

```html
curl -X POST \
  https://app.mluvii.com/login/connect/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'response_type=token&grant_type=client_credentials&client_id=<your API username>&client_secret=<your API password>'
```

> On premise version: curl -X POST https\://{your\_domain}/login/connect/token

> For this step, you can use any library or tool that supports the OAuth2 standard. e.g. Postman:&#x20;

### **Step 3**

Use the JWT token returned by the authentication server to call the Public API using the HTTP “Bearer” header.

```html
curl -X GET https://app.mluvii.com/api/v1/Sessions/{id} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
```

> On premise version: curl -X GET https\://{your\_domain}/api/v1/Sessions/{id}

## **Login via the login screen**

{% hint style="info" %}
*If you call any API method without a token, the authentication server redirects the request to the login page. If you have administrator privileges, you can call the API directly from the browser after logging in.*
{% endhint %}

For the Webhooks list click [here](https://docs.mluvii.com/en/for-it-specialists/public-api/webhooks).