# Authentication

All API requests are using the Bearer Token Authorization. A Bearer Token will last up to an hour from the time it is generated, allowing multiple API calls to be made securely without authorizing each time.

## Authenticate

Use this endpoint if you want to authenticate and generate the token.

To be able to get your token access, open the Settings page in the Portal, then navigate to the section Webhook & API settings. You will need the username and password.

`Method: POST`

`Endpoint: {{env}}/api/authorize`

{% tabs %}
{% tab title="Payload" %}

```json
{
  "Username": "abc...123",
  "Password": "xyz...321"
}
```

{% endtab %}

{% tab title="Response" %}

```json
{
    "statusCode": 200,
    "message": "POST Request successful.",
    "isError": false,
    "result": {
        "Role": "API",
        "Token": "eyJhbG...tOTuvNvJc",
        "CustomerId": "3012...042f2",
        "CompanyName": "Test Company Inc."
        "CustomerType": "Customer",
        "Username": "b022aced-fae9-414f-853e-959fdf90d8f1"    }
}
```

{% endtab %}
{% endtabs %}

**Input parameters**

<table><thead><tr><th>Parameter</th><th width="237">Type</th><th>Description</th></tr></thead><tbody><tr><td>Username</td><td>string</td><td>Your API username</td></tr><tr><td>Password</td><td>string</td><td>Your API password</td></tr></tbody></table>

**Responses**

<table><thead><tr><th width="282.2000732421875">Parameter</th><th>Description</th></tr></thead><tbody><tr><td>Role</td><td>The role this login belongs to</td></tr><tr><td>Token</td><td>The authorization token that needs to be used in any other API request</td></tr><tr><td>CustomerId</td><td>The customer id this login belongs to</td></tr><tr><td>CompanyName</td><td>The company name this login belongs to</td></tr><tr><td>CustomerType</td><td>Type for the customer account</td></tr><tr><td>Username</td><td>Username for the login</td></tr></tbody></table>

{% hint style="info" %}
**INFO**

You have to inform the Token field received in this endpoint in any other request you want to execute. Once the token expires, you have to authenticate again to be able to retrieve a new token.
{% endhint %}

## Cancel token

Use this endpoint to invalidate an active authorization token. Once canceled, the token can no longer be used for authentication or API access.

`Method: PATCH`

`Endpoint: {{env}}/api/authorize/canceltoken`

{% tabs %}
{% tab title="Response" %}

```json
{
    "statusCode": 200,
    "message": "Token cancelled",
    "isError": false
}
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.zumrails.com/api-reference/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.