> ## Documentation Index
> Fetch the complete documentation index at: https://docs.shareofmodel.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> JWT, API keys, and OAuth — when to use what

Share Of Model exposes three authentication schemes. Most integrations only ever need the first two.

## Bearer JWT

The default for every Core API and Search Module endpoint. Pass a short-lived JSON Web Token in the `Authorization` header:

```http theme={null}
Authorization: Bearer <ACCESS_TOKEN>
```

Tokens expire — when they do, the API returns `401`. Request a new one through the API key exchange below or the refresh endpoint in the API Reference.

## API keys

Long-lived secrets you generate from the [console](https://console.shareofmodel.ai). Three scopes are available:

* **User key** — acts on behalf of a user across their organizations.
* **Organization key** — scoped to one organization.
* **Workspace key** — scoped to one workspace; safest for backend integrations.

Exchange a key for a JWT:

```bash theme={null}
curl -X POST https://api.shareofmodel.ai/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{"api_key": "<YOUR_API_KEY>"}'
```

Store the API key as a server-side secret. Never ship it to a browser.

## OAuth 2.0

Used only when connecting external Platform Accounts (Google Ads, TikTok). The flow runs through the console UI; you do not call the OAuth endpoints directly. See the **Platform Integrations** group in the [API Reference](/api-reference/introduction) for the resulting resources.
