# Authenticating requests

To authenticate requests, include an **`Authorization`** header with the value **`"Bearer Bearer {token}"`**.

All authenticated endpoints are marked with a `requires authentication` badge in the documentation below.

Get tokens from `POST /api/auth/login`, send access token as `Bearer {token}`, and renew with `POST /api/auth/refresh` before access token expiry.