> This is Payabli documentation. For a complete page index, fetch https://docs.payabli.com/llms.txt — append .md to any page URL for lightweight markdown. For section-level indexes, query parameters, and other AI-optimized access methods, see https://docs.payabli.com/ai-agents.md

# Authentication

> Choose how your integration authenticates to the Payabli API

Payabli supports two ways to authenticate API requests. Both authenticate the same endpoints, so choose based on how you want to manage credentials. For new integrations, Payabli recommends OAuth2 Bearer tokens. The `requestToken` API token remains fully supported, and existing integrations don't need to migrate.

|                | API token                                                                                                          | OAuth2 Bearer token                                             |
| -------------- | ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- |
| Sent as        | `requestToken` header                                                                                              | `Authorization: Bearer` header                                  |
| Lifetime       | Long-lived (1–24 months)                                                                                           | Short-lived (hours; see `expires_in`)                           |
| How you get it | Create it in the Payabli Portal                                                                                    | Exchange a client ID and secret at the token endpoint           |
| Use it when    | You want a long-lived credential with minimal setup, or you're maintaining an existing `requestToken` integration. | You want short-lived, rotatable, permission-scoped credentials. |

* **API token** — sent in the `requestToken` header. See [API token authentication](/developers/api-tokens) for the header, how to create tokens, and the token types.
* **OAuth2 Bearer token** — obtained through the client-credentials flow. See [OAuth authentication](/developers/oauth-authentication) for the flow, and [Manage API credentials](/guides/platform-developer-api-credentials-manage) for provisioning the client ID and secret.