> ## Documentation Index
> Fetch the complete documentation index at: https://docs.grailpay.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

Our Payments API uses Bearer Authentication to enforce authentication for all its incoming requests. Bearer Authentication
(Token Authentication) is an HTTP authentication mechanism that involves security tokens generated by GrailPay servers.

<CodeGroup>
  ```Bearer Authentication theme={"system"}
  {
      "Authorization": "Bearer {YOUR_API_KEY}"
  }
  ```
</CodeGroup>

If you have lost an API Key, please connect immediately with our support to block current API Key(s) and generate new one(s).

All API requests must be made over HTTPS. Calls made over HTTP will fail.

### Common Authentication Errors & Warnings

<CodeGroup>
  ```json 401 (Unauthorized) theme={"system"}
  {
      "status": false,
      "message": "Invalid token.",
      "data": null,
      "errors": null,
      "error_code": {
      "type": "client_error",
      "subtype": "unauthorized"
  }

  -----------------------------------------------------

  {
      "status": false,
      "message": "Invalid token format. The token should be in the following format: ID|TOKEN_VALUE. Example: 12345|abcdefg",
      "data": null,
      "errors": null,
      "error_code": {
      "type": "client_error",
      "subtype": "invalid_token_format"
  }

  -----------------------------------------------------

  {
      "status": false,
      "message": "Invalid token format. The ID in the token must be an integer. Example: 12345|abcdefg",
      "data": null,
      "errors": null,
      "error_code": {
      "type": "client_error",
      "subtype": "invalid_token_format"
  }
  ```
</CodeGroup>
