# Authentication

style
@media (max-width: 390px) {
  /* Keep the heading action controls from expanding the page width on small phones. */
  .heading-anchor [aria-label="Copy"],
  .heading-anchor [aria-label="More actions"] {
    display: none !important;
  }
}

The REST API uses **Bearer token** authentication. Include your token in the
`Authorization` header as `Bearer <token>`. Your token identifies and
authorizes your account. Keep it secret: anyone with
the token can submit messages on your behalf. Do not embed it in client-side
code or commit it to source control.

Requests without a valid token are rejected with `401 Unauthorized`. Requests
with a valid token that is not permitted to perform the action are rejected with
`403 Forbidden`.

Always call the API over HTTPS and send the token only in the `Authorization`
header. Do not place the token in the URL or query string, and store it in a
secure secret store rather than in client-side code.

## Next steps

- [SMS](/docs/api/channels/sms) - channel overview and getting started.
- [Send SMS message](/docs/api/channels/sms/outbound-sms/send-sms-message)
  - submit your first outbound message.