> ## Documentation Index
> Fetch the complete documentation index at: https://docs.x.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

export const Button = ({href, children}) => {
  return <div className="not-prose group">
    <a href={href}>
      <button className="flex items-center space-x-2.5 py-1 px-4 bg-primary-dark dark:bg-white text-white dark:text-gray-950 rounded-full group-hover:opacity-[0.9] font-medium">
        <span>
          {children}
        </span>
        <svg width="3" height="24" viewBox="0 -9 3 24" class="h-6 rotate-0 overflow-visible"><path d="M0 0L3 3L0 6" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"></path></svg>
      </button>
    </a>
  </div>;
};

***

title: Authentication
sidebarTitle: Overview
keywords: \["authentication", "OAuth", "OAuth 1.0a", "OAuth 2.0", "API authentication", "bearer token", "access tokens", "API keys", "user context", "app only", "PKCE", "authorization code", "basic authentication"]

description: X APIs handle enormous amounts of data. The way we ensure this data is secured for developers and users alike is through authentication.---

X APIs handle enormous amounts of data. The way we ensure this data is secured for developers and users alike is through authentication. There are a few methods for authentication, each listed below.

Most developers will not need to deal with the complexities surrounding authentication since client libraries automatically handle these difficulties.

You can find a list of available client libraries on our [Tools and libraries](/resources/tools-and-libraries) page.

## Authentication methods

<CardGroup cols={2}>
  <Card title="OAuth 1.0a User Context" href="/resources/fundamentals/authentication/oauth-1-0a/api-key-and-secret">
    OAuth 1.0a allows an authorized X developer App to access private account information or perform a X action on behalf of a X account.

    <br />

    [**Learn More**](/resources/fundamentals/authentication/oauth-1-0a/api-key-and-secret)
  </Card>

  <Card title="App only" href="/resources/fundamentals/authentication/oauth-2-0/overview">
    App only Access Token allows a X developer app to access information publicly available on X.

    <br />

    [**Learn More**](/resources/fundamentals/authentication/oauth-2-0/overview)
  </Card>

  <Card title="Basic authentication" href="/resources/fundamentals/authentication/basic-auth">
    Many of X's enterprise APIs require the use of HTTP Basic Authentication.

    <br />

    [**Learn More**](/resources/fundamentals/authentication/basic-auth)
  </Card>

  <Card title="OAuth 2.0 Authorization Code Flow with PKCE" href="/resources/fundamentals/authentication/oauth-2-0/authorization-code">
    OAuth 2.0 User Context allows you to authenticate on behalf of another account with greater control over an application's scope, and authorization flows across multiple devices.

    <br />

    [**Learn More**](/resources/fundamentals/authentication/oauth-2-0/authorization-code)
  </Card>
</CardGroup>

<Note>
  **Note:**
  Your App's API Keys and App only Access Token, as well as your personal Access Token and Access Token Secret can be obtained from the [X developer Apps](/resources/fundamentals/developer-apps) section found in the [Developer Console](/resources/fundamentals/developer-portal).

  **If you would like to make requests on behalf of another user**, you will need to generate a separate set of Access Tokens for that user using the [3-legged OAuth flow](https://developer.x.com/resources/fundamentals/authentication/obtaining-user-access-tokens), and pass that user's tokens with your OAuth 1.0a User Context or OAuth 2.0 user context requests.
</Note>

## Additional resources

<CardGroup cols={2}>
  <Card title="Guides" href="/resources/fundamentals/authentication/guides">
    Learn how to generate tokens and authenticate requests using our integration guides.
  </Card>

  <Card title="API reference" href="/resources/fundamentals/authentication/api-reference">
    Review our reference guides for our authentication endpoints.
  </Card>

  <Card title="Best practices" href="/resources/fundamentals/authentication/guides/authentication-best-practices">
    Make sure you protect yourself and understand the best practices for storing your keys and tokens.
  </Card>

  <Card title="FAQs" href="/resources/fundamentals/authentication/faq">
    Question? Visit our FAQs.
  </Card>
</CardGroup>