---
title: Authentication and Authorization
url: https://www.tines.com/docs/api/authentication/
updated: 2025-12-02T17:51:45+00:00
description: All requests to the Tines REST API require authentication.
---

# Authentication and Authorization

All requests to the Tines REST API require authentication.

## Generate API Key

To generate an API key in Tines, use the [Tines connect flow](https://www.tines.com/docs/credentials/connect-flows/tines).

- Navigate to the team that will be using the API and click **Credentials**.
- Click **+ New Credential**, select **Tines**, and follow the prompts to connect.

To learn more about connect flows generally, see our [docs](https://www.tines.com/docs/credentials/connect-flows).

## View API Keys

From the Tines settings page, select "API keys" under "Access & security".

![Navigation](https://www.datocms-assets.com/55802/1764675719-api_keys_settings_page.png)

On the API Keys page you can view all of the API keys you have access to or create a new key. While you can create a new key manually from this page, using the [Tines connect flow](https://www.tines.com/docs/credentials/connect-flows/tines) is recommended.

Tines has four types of API keys:

- Personal API keys are linked to your user account, and have access to all items that you do. Operations performed using one of these keys will be recorded as being performed by you. Only you have access to create and delete your personal keys.
- Service API keys are linked to separate service account users, and can be granted access to any tenant permissions such as `AUDIT_LOG_READ` and `TUNNEL_MANAGE` by a tenant owner. Operations performed using one of these keys will be recorded as being performed by the associated service account user.
- Tenant owner API keys are linked to separate service account users, and have full Owner access to the entire tenant. Operations performed using one of these keys will be recorded as being performed by the associated service account user. Tenant Owners have access to create and delete all tenant keys.
- Team API keys are also linked to separate service account users, but they have role-based access to a specific team on the tenant. Operations performed using one of these keys will be recorded as being performed by the associated service account user. Tenant Owners have access to create and delete all team keys.

If you use an underprivileged API key to access a protected resource that the key does not have permissions for, you will get a `404: Not Found` response.

## Using an API Key

Each request sent to the REST API must be authenticated using an API key, included in the `X-User-Token` header.

For example:

```bash
curl -X GET https://<tenant-domain>/api/v1/events/ \
  -H 'content-type: application/json' \
  -H 'x-user-token: <<CREDENTIAL.tines_api_key>>'
```

### Bearer/Token Authentication

Our API includes support for Bearer/Token Authentication. To authenticate using this method, simply include your API token in the `Authorization` header of your requests, prefixed with "Bearer" and a single space.

For example:

```bash
curl -X GET https://<tenant-domain>/api/v1/events/ \
  -H 'content-type: application/json' \
  -H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>'
```
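The two header forms above, wrapped in an added shell helper (not part of the Tines documentation) that feeds the key to curl on stdin and reports the `404` case described earlier as possibly a permissions problem. `TINES_TENANT` and `TINES_API_KEY` are assumed environment variable names, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the Tines docs. TINES_TENANT and TINES_API_KEY are
# assumed environment variable names; the function names are hypothetical.

# Print the auth header line for the chosen scheme: "token" (X-User-Token)
# or "bearer" (Authorization: Bearer). Rejects an unset key and any key that
# contains whitespace, since a stray newline would inject an extra header.
tines_auth_header() {
  local scheme="${1:-token}" key="${TINES_API_KEY:-}"
  if [ -z "$key" ]; then
    echo "TINES_API_KEY is not set" >&2; return 2
  fi
  case "$key" in
    *[[:space:]]*) echo "TINES_API_KEY contains whitespace" >&2; return 2 ;;
  esac
  case "$scheme" in
    token)  printf 'X-User-Token: %s\n' "$key" ;;
    bearer) printf 'Authorization: Bearer %s\n' "$key" ;;
    *)      echo "unknown scheme: $scheme" >&2; return 2 ;;
  esac
}

# Map an HTTP status to a short diagnosis. Per the page, a key without
# permission for a resource receives 404, so 404 is reported as ambiguous.
tines_explain_status() {
  case "$1" in
    2??) echo "ok" ;;
    404) echo "not found, or this key lacks permission for the resource" ;;
    *)   echo "unexpected status $1" ;;
  esac
}

# GET a path on the tenant. The header is passed to curl on stdin (-H @-),
# so the key does not appear in the process argument list or shell history.
tines_get() {
  local path="$1" scheme="${2:-token}" header status
  header="$(tines_auth_header "$scheme")" || return $?
  status="$(printf '%s\n' "$header" | curl -sS -o /dev/null -w '%{http_code}' \
    -H @- -H 'content-type: application/json' \
    "https://${TINES_TENANT:?set TINES_TENANT}${path}")" || return $?
  tines_explain_status "$status"
}

# Usage (makes a network request): tines_get /api/v1/events/ bearer
```

Reading headers with `-H @-` requires curl 7.55.0 or later.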
