# Authentication

The API requires an authorization token for each request. A token can be generated from your [Xenia account](https://app.xenia.team).

> 🚧
>
> Please note that API tokens expire after 30 days of inactivity, at which point you would need to generate a new token to use. If a token is used to make API requests within that period, then it would not expire unless it's made invalid from new tokens.

Once you've obtained a token, it needs to be passed in the `Authorization` header on requests to the API. For example, `Authorization: Bearer b7f8f791...f26e554d`.

The Xenia API uses [OAuth 2.0](https://tools.ietf.org/html/rfc6749) as the means of authorization for individual requests. The initial authorization uses the [Resource Owner Password Credentials Grant](https://tools.ietf.org/html/rfc6749#section-4.3) method and currently doesn't support any other flows.

The token used by the API is a [Bearer token](https://tools.ietf.org/html/rfc6750). It should be considered as a "personal access token" that you control yourself, for your own Xenia account. A pre-registered client ID and secret are not required to create an authorization token.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.xenia.team/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.