# Authentication

The Weel API uses bearer token authentication to secure access to its endpoints. This document outlines the authentication process and requirements for using the API.

## Bearer Token

All API requests must include a bearer token in the `Authorization` header. This token serves as the primary means of authentication and authorization for accessing the API's resources.

### Obtaining a Bearer Token

You can create a bearer token securely via the [Weel web app](https://app.letsweel.com/app/settings#api) by going to Settings > API > Create New API Key.

### Request Format

The bearer token should be included in the `Authorization` header of each request using the following format:


```
Authorization: Bearer <token>
```

### Token Expiration

Bearer tokens do not have an expiration time. They remain valid until they are revoked or replaced.

### Revoking or replacing a Bearer Token

You can securely revoke and re-issue bearer tokens in the [Weel web app](https://app.letsweel.com/app/settings#api) by going to Settings > API and clicking on the bin icon next to the token you wish to delete.