# Authentication ## API Keys ### What can I do with API Keys? As of right now, this opens up access to our GraphQL API. Stay tuned to for more ways your API key can be used to integrate with third party services. ### How do I enable Developer settings for my institution? Developer settings are available to Institutions with a [Pro level plan or greater](https://www.eduflow.com/pricing). From there, administrators and owners will be able to use their institution dashboard (accessible via top-left menu) to create keys. ![You can navigate to your Dashboard via the top left-menu](/files/-MSZKgq3W3GpcIjkLDf8) ### How do I create an API access key? API Keys are required to use the GraphQL API and other API Key related features can be created through the Developer API settings: ![From within the Institution Dashboard](/files/-MSZLERMj2sHvSpTpBZE) And within the **Developer API** section: ![Clicking "Generate API Key" will produce a key to access your institution](/files/-MSFFi1FbLHA4zwwg8SQ) The institution's API key can be revoked, which will prevent future requests from accessing with that key. If you would like a test / developer institution created for development, contact our support. ![](/files/-MSFFk3Md2Gje_0CD4R8) ## Authentication methods {% hint style="info" %} For examples, see the [Usage page](/getting-started-1/usage.md). {% endhint %} ### Bearer token (Authorization headers) Authentication is passed via bearer token. This is done via taking your institution's [API key](/getting-started-1/authentication.md#api-keys) passing it in the [`Authorization` HTTP Header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) in this format: `Authorization: Bearer ` #### Ways to pass authorization headers * In browser, via an extension that modifies requests (e.g. [Postman](https://swagger.io/docs/specification/authentication/bearer-authentication/)) * Terminal usage: via `curl(1)` or `wget(1)` (see [examples](/getting-started-1/usage.md#api-access)) * Programmatically via network requests (see [examples](/getting-started-1/usage.md#api-access)) #### See also * [HTTP Headers > Authorization](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) on MDN Web Docs * Similar: [Swagger's Bearer authentication method](https://swagger.io/docs/specification/authentication/bearer-authentication/) ([archive.org](https://web.archive.org/web/20210202204128/https://swagger.io/docs/specification/authentication/bearer-authentication/)) * Similar: [Postman docks on Bearer authentication](https://learning.postman.com/docs/sending-requests/authorization/#bearer-token) ([archive.org](https://web.archive.org/web/20210126204525/https://learning.postman.com/docs/sending-requests/authorization/)) * Similar: [RFC6750 / OAuth 2.0 Authorization Framework: Bearer Token Usage](https://tools.ietf.org/html/rfc6750#section-2.1) ([archive.org](https://web.archive.org/web/20201214095310/https://tools.ietf.org/html/rfc6750)) ### Via session You can access and Login as an institution owner / admin to access graphiql directly. To see this in action see the [graphiql usage example](/getting-started-1/usage.md#session-based-graphiql). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.eduflow.com/getting-started-1/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.