# Authentication All APIs take an `token` param in the Authorization header. These key are associated with a user and allow permission to the user to request the API. ## Signature Request Send a POST request to `https://bigvision.id/api/user/login`, by providing these arguments as `application/json` with request payload: ```javascript { "username": "YOUR_USERNAME", "password": "YOUR_PASSWORD" } ``` you will get a response similar to this: ```javascript { "result": { "token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJsOG5Ma2ZtX2VYMDcydlhrMlhYMm91cFVEUmQwY2dmRzR3anltMjR2NjV3In0.eyJleHAiOjE2MjU4MDY5MjMsImlhdCI6MTYyNTgwNjYyMywianRpIjoiZmY0MDAxNWEtOGFiZC00ZWZlLWI4ZTItNWI0NGZmYWI0MGIxIiwiaXNzIjoiaHR0cDovL2tleWNsb2FrOjgwODAvYXV0aC9yZWFsbXMvb2NyIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImYwNWI4ZDkyLTBlNTMtNDU1MS1hZGJhLTBjYjU4NGQ4MTAwMiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFkbWluIiwic2Vzc2lvbl9zdGF0ZSI6IjMyN2JhYWZhLTRkZDgtNDkyZi05MDU4LWE4NjRiZDRhNzJhNiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cHM6Ly9kc2Mtb2NyLnVkYXRhLmlkIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoiYWJkYW5tdWxpYSBhYmRhbm11bGlhIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiNzBjYjYxNWItYzdjZS00NmIxLWE5OWEtNjU2ZjliNDI4MWZkIiwiZ2l2ZW5fbmFtZSI6ImFiZGFubXVsaWEiLCJmYW1pbHlfbmFtZSI6ImFiZGFubXVsaWEiLCJlbWFpbCI6ImFiZGFubXVsaWFAZ21haWwuY29tIn0.IqdfUoVEXmecy-JHNi5sRBp4WpXYZv-lJMCxTVzfUvAsoZG0By8Q2ovLfDOm4YiXGbfGZM8aRTgb6rdY9vkz4FimWz3IA6aKfgr2OvjwALZfpexfrVSMhXF9QgmOm9o2vanWYqAfO36jccbuD54eg3bjMhwQhioxRlNO9sj4S6t88Qvy7H9MHgCBBfK-d1uaHLKxIQ6Woi-rCpizROvUMpgQbrm_7lSakUGcWUa3rLDf6wE-DYOMrnB4CpC8PU60uj4Qwo3sAitUNG_IQrYKcDXIJUIMc77pxaZB2g-nZikOCAxf6Jt3LH6TI39dbxQr_7HQ2CN5AGQBHHR_n7rfOA", "expires_in": 300, "refresh_expires_in": 1800, "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4MDE0ZmEzZS03MWFlLTRhYjMtOGVlYy04MGU4ZmVjNjZiZjUifQ.eyJleHAiOjE2MjU4MDg0MjMsImlhdCI6MTYyNTgwNjYyMywianRpIjoiNGNjOTVhMmUtNGExMy00M2ZmLWJkZmQtNmQ4MjNhMjg3NjA2IiwiaXNzIjoiaHR0cDovL2tleWNsb2FrOjgwODAvYXV0aC9yZWFsbXMvb2NyIiwiYXVkIjoiaHR0cDovL2tleWNsb2FrOjgwODAvYXV0aC9yZWFsbXMvb2NyIiwic3ViIjoiZjA1YjhkOTItMGU1My00NTUxLWFkYmEtMGNiNTg0ZDgxMDAyIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImFkbWluIiwic2Vzc2lvbl9zdGF0ZSI6IjMyN2JhYWZhLTRkZDgtNDkyZi05MDU4LWE4NjRiZDRhNzJhNiIsInNjb3BlIjoiZW1haWwgcHJvZmlsZSJ9.akiGJ0JgC512CjPKiP4hGlHdgDHE7-VzIDPCBzGDRRY" }, "success": true } ``` {% hint style="info" %} For security reason expires in 300 seconds, but you can get a new token without username or password just sent refresh\_token to Refresh Token API {% endhint %} ## Construct Authorization Key After you get the signature response contains `token`, you can start to construct your authorization key with this format: ``` Authorization=Bearer {YOUR_TOKEN} ``` Modify `Authorization`from signature response ## Configure Environment You need to pass your authentication as a header each time you make an API request. Below are variables that you need to setup as a header before making a request: | Key | Value | | --------------- | ----------------------- | | `Content-type` | `application/json` | | `Authorization` | Your authorization key. | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://picaso-ocr.gitbook.io/ocr-api-bigvision/concept-design/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.