# Authentication

Veza APIs support three methods for authenticating requests. Choose the method that best fits your use case.

| Method                            | Best for                                                     | Flow               |
| --------------------------------- | ------------------------------------------------------------ | ------------------ |
| [API Keys](#api-keys)             | Personal scripts, automation, and administrative tasks       | Bearer token       |
| [OAuth2 Apps](#oauth2-apps)       | Third-party applications that access Veza on behalf of users | Authorization code |
| [OAuth2 Clients](#oauth2-clients) | Service-to-service integrations using machine credentials    | Client credentials |

All methods are managed from **Administration** > *API Keys*.

{% hint style="info" %}
OAuth2 Apps and OAuth2 Clients are in early access. To enable OAuth2, contact your Veza account team, then enable the OAuth2 Authorization Server in **Administration** > *Sign-in Settings*.
{% endhint %}

## API Keys

API keys are personal or team-scoped tokens used for general platform access. Each personal key inherits the permissions of the user who created it. Team API keys authenticate as a team service account.

API keys are best suited for scripts, automation tools, and integrations where a human user or a team service account is the principal.

[Manage API Keys →](/4yItIzMvkpAvMVFAamTf/developers/api/authentication/api-tokens.md)

## OAuth2 Apps

OAuth2 Apps allow third-party applications to access Veza on behalf of a user. The application redirects users to Veza for authentication, and Veza issues an access token after the user grants consent.

Use OAuth2 Apps when building applications that need delegated user access to Veza resources.

[Set up OAuth2 Apps →](/4yItIzMvkpAvMVFAamTf/developers/api/authentication/oauth2-apps.md)

## OAuth2 Clients

OAuth2 Clients use the client credentials grant to authenticate machine-to-machine without user interaction. Clients are scoped to a Veza team and are best suited for backend services and automated pipelines.

[Set up OAuth2 Clients →](/4yItIzMvkpAvMVFAamTf/developers/api/authentication/oauth2-clients.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.