# Authentication

The Hook API uses Bearer token authentication. All requests must include an `Authorization` header with a valid token.

```
Authorization: Bearer <your-token>
```

## Obtaining a token

Tokens can be created and managed from [app.hook.co](https://app.hook.co/profile/tokens). From there you can view all currently issued tokens, see when each one expires, and revoke any token at any time.

## Permissions

Each token is scoped to the permissions of the user who created it. API requests made with a token cannot exceed the access level of that user.

## Expiry

Tokens are issued with a custom expiry date. The maximum token lifetime is **365 days**.
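
The following added example (not Hook's own code) applies the rules on this page on the client side: it builds the `Authorization: Bearer` header, refuses to attach the token to a non-HTTPS URL, and checks an expiry date against the 365-day maximum. The `HOOK_API_TOKEN` variable, the `api.example.invalid` URL, the 14-day rotation window and all function names are assumptions made for the example.

```python
import os
import urllib.request
from datetime import date, timedelta

MAX_LIFETIME = timedelta(days=365)   # maximum token lifetime stated on this page
ROTATE_BEFORE = timedelta(days=14)   # assumption: local rotation window, not a Hook setting


def check_expiry(created: date, expires: date, today: date) -> str:
    """Classify a token's expiry date: 'invalid', 'expired', 'rotate' or 'ok'."""
    if expires <= created or expires - created > MAX_LIFETIME:
        return "invalid"             # not after creation, or lifetime over 365 days
    if today >= expires:
        return "expired"
    if expires - today <= ROTATE_BEFORE:
        return "rotate"
    return "ok"


def auth_header(token: str) -> dict:
    """Build the Authorization header, rejecting values that could split the header."""
    token = token.strip()            # tolerate a trailing newline from a secrets file
    if not token or any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in token):
        raise ValueError("token is empty or contains whitespace/control characters")
    return {"Authorization": f"Bearer {token}"}


def build_request(url: str, token: str) -> urllib.request.Request:
    """Attach the bearer token only to HTTPS URLs so it never travels in clear text."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    return urllib.request.Request(url, headers=auth_header(token))


def redact(token: str) -> str:
    """Log-safe form of a token: keep only the last 4 characters."""
    return "****" + token[-4:] if len(token) > 8 else "****"


if __name__ == "__main__":
    # HOOK_API_TOKEN and the URL below are placeholders chosen for this example;
    # the fallback token value is constructed sample data, not a real credential.
    token = os.environ.get("HOOK_API_TOKEN", "constructed-sample-token-1234")
    req = build_request("https://api.example.invalid/v1/placeholder", token)
    print(req.full_url, redact(token))
```
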