# Authentication

All requests to the Occuspace Customer API must be authenticated using a Bearer token passed in the Authorization header.

### Obtaining a Token

API tokens are issued directly by the Occuspace team. To request a token, contact your Occuspace Customer Success Manager or reach out to support. Once issued, your token does not expire and can be used indefinitely.

### Making Authenticated Requests

Replace `YOUR_API_TOKEN` with the token issued to you by Occuspace. The token must be included in every request.

```bash
curl -X GET "https://api.occuspace.io/v2/locations" \
  -H "Authorization: Bearer YOUR_API_TOKEN"
```

### Security Best Practices

{% hint style="warning" %}
**Keep your token secure.** Do not expose your API token in client-side code, public repositories, or anywhere it could be accessed by unauthorized parties. If you believe your token has been compromised, contact Occuspace immediately to have it rotated.
{% endhint %}

### Error Responses

If your token is missing or invalid, the API will return a `401 Unauthorized` response. For a full breakdown of error response formats, see the Error Handling page.

```json
{
    "type": "https://api.occuspace.io/problems/unauthorized",
    "title": "Unauthorized",
    "status": 401,
    "detail": "Invalid API key",
    "instance": "/v2/locations",
    "request_id": "f1b8698f-b0e8-4fb9-82e1-ddf89029350c"
}
```