> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tetherai.ca/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate with Tether APIs using JWT bearer tokens.

Most Tether API endpoints require a bearer token.

## Obtain a token

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://your-instance.example.com/api/auth/login \
    -H "Content-Type: application/json" \
    -d '{
      "email": "your-email@example.com",
      "password": "your-password"
    }'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://your-instance.example.com/api/auth/login', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      email: 'your-email@example.com',
      password: 'your-password',
    }),
  });

  const { token } = await response.json();
  ```
</CodeGroup>

## Use the token

```bash theme={null}
curl https://your-instance.example.com/api/auth/verify-token \
  -H "Authorization: Bearer <your-jwt-token>"
```

<Warning>
  Do not store long-lived tokens in client-side local storage for public web apps.
</Warning>

## Common auth issues

* `401 Unauthorized`: token is missing, expired, or malformed.
* `403 Forbidden`: token is valid but lacks required access role.
* Token from a different environment: staging token used against production API.

For complete API error patterns, see [Errors](/api-guides/errors).
