# Authentication Authentication to the PDF Insights API is done by passing credentials in the request header. ## Request Headers All API calls must contain `Authorization` and `MT-Product` headers. They may also contain an optional `MT-Customer-ID` header. | Header | Description | Supported Values | | --- | --- | --- | | **Authorization** *required* | The credentials for the requests | - **Basic:** For username/password authentication. - **Bearer:** For license key or token authentication. | | **MT-Product** *required* | The product you are accessing. | One of the following values:- `pdfinsights` - `pdfinsightstp` - `thumbprint` | | **MT-Customer-ID** *optional* | For resellers using a customer ID for authentication. | `MT-Customer-ID: your_customer_id_here` | ### Credentials Supported The `Authentication` header supports three types of credentials: - Username/Password - Session Token - License Token #### Username/Password The username/password combination of any user registered in PDF Insights. These should be submitted in base64-encoded format via Basic authentication. ``` Authorization: Basic base64(username:password) ``` #### Session Token Via the [`/authenticate`](https://docs.moneythumb.com/pdf-insights/api-reference/other/authenticate) endpoint, you can exchange username/password credentials for a session token. You can then submit this to any subsequent API call as a Bearer token. ``` Authorization: Bearer session_token ``` **Note:** A session token expires after 24 hours. #### License Token *deprecated* The license key for your account. It should be submitted as a Bearer token. ``` Authorization: Bearer license_key ``` ## Obtaining a Session token To obtain a session token, simply send a credentialed GET request to the [`/authenticate`](https://docs.moneythumb.com/pdf-insights/api-reference/other/authenticate) endpoint. Be sure to include the two required headers. ``` GET api/v1.5/authenticate Authorization: Basic base64(username:password) MT-Product: your_product ``` **Note:** You also use your license code as an lasting token. ## Migrating from prior versions To migrate to header authentication, you will need to do three things: 1. Replace calls to `POST /authenticate`, with the new `GET /authenticate`. 2. Remove username, password, token, product, and customer-id properties from your request body. 3. Replace them with `Authorization`, `MT-Product`, and optionally `MT-Customer-ID` headers.