> ## Documentation Index > Fetch the complete documentation index at: https://docs.volubile.ai/llms.txt > Use this file to discover all available pages before exploring further. # Authentication All API endpoints require authentication using API Keys. To authenticate your requests: ## API Keys 1. Obtain your API Key from the [API Integration Settings](https://eu.volubile.ai/integrations/api) page. 2. Include this key in the `X-Api-Key` header of your HTTP request: ``` X-Api-Key: {volubile-api-key} ``` ### API Key Rotation Volubile provides a pair of API keys enabling you to manage a regular rotation or replace a potentially compromised key. ## Bearer Tokens Volubile also provides short-lived JWT Bearer tokens. This flow is useful when you do not want to expose your API key to downstream services and when you want to limit the permissions granted to a client with scoped access. ### Issue a token Use your API key to request a Bearer token from [`POST /v1/auth/token`](/api-reference/auth/create-token). For the full request and response reference, see [Create Token](/api-reference/auth/create-token). #### Supported scopes ##### Agents | Method | Route | Scope | | ---------------------------------------------------------- | ------------------------------------ | ------------------------- | | GET | /v1/agents | agents:read | | GET | /v1/agents/{'{'}id{'}'} | agents:read | | PATCH | /v1/agents/{'{'}id{'}'} | agents:write | ##### Calls | Method | Route | Scope | | ------------------------------------------------------- | ---------------------------------------------- | ------------------------ | | GET | /v1/calls | calls:read | | GET | /v1/calls/{'{'}id{'}'} | calls:read | | POST | /v1/calls | calls:write | | GET | /v1/calls/{'{'}id{'}'}/recording | calls:read | | GET | /v1/calls/{'{'}id{'}'}/transcript | calls:read | ##### Campaigns | Method | Route | Scope | | ------------------------------------------------------- | ---------------------------------------------- | ---------------------------- | | GET | /v1/campaigns/{'{'}id{'}'} | campaigns:read | | POST | /v1/campaigns | campaigns:write | | POST | /v1/campaigns/{'{'}id{'}'}/status | campaigns:write | ##### Bulk | Method | Route | Scope | | ------------------------------------------------------- | --------------------------- | ------------------------ | | POST | /v1/bulk/calls | calls:write | ### Use a Bearer token Send the issued token in the `Authorization` header: ```http theme={null} Authorization: Bearer {jwt-bearer-token} ``` Bearer tokens are short lived and scoped to the permissions requested when they are issued. Bearer tokens cannot be used to mint another token. Only API keys can call [`POST /v1/auth/token`](/api-reference/auth/create-token).