# Authentication

In order to interact with the Moota API, you or your application must authenticate.

The Moota API handles this through OAuth, an open standard for authorization. OAuth allows you to delegate access to your account in full or in read-only mode.

You can generate an OAuth token by visiting the Apps & API section of the Moota control panel for your account.

An OAuth token functions as a complete authentication request. In effect, it acts as a substitute for a username and password pair.

Because of this, it is absolutely essential that you keep your OAuth tokens secure. In fact, upon generation, the web interface will only display each token a single time in order to prevent the token from being compromised.

## **How to Authenticate with OAuth**

In order to make an authenticated request, include a bearer-type Authorization header containing your OAuth token. All requests must be made over HTTPS.

## Content-type and Accept Header

The Moota API uses JSON for both input and output, so every request must declare JSON as its content type and accept JSON in the response. The required headers are listed below.

| HTTP(s) Header  | Type               | Description                                                                                                  |
| --------------- | ------------------ | ------------------------------------------------------------------------------------------------------------ |
| `Content-Type`  | `application/json` | It indicates that JSON format will be used in the request. Moota API accepts JSON requests.                  |
| `Accept`        | `application/json` | It indicates that JSON format is acceptable as response for the request. Midtrans API responds back in JSON. |
| `Authorization` | `Bearer`           | The Authorization field in Bearer Auth format, Server Key is used as username, and the password is blank.    |

**Authenticate with a Bearer Authorization Header**

```
curl -X $HTTP_METHOD -H "Authorization: Bearer <secret_token>" "https://app.moota.co/v2/$OBJECT"
```

## Get Access Token

## Auth

<mark style="color:green;">`POST`</mark> `https://app.moota.co/api/v2/auth/login`

#### Request Body

| Name     | Type   | Description                                                                 |
| -------- | ------ | --------------------------------------------------------------------------- |
| username | string | Username of the Moota account                                               |
| password | string | Password of the Moota account                                               |
| scopes   | array  | Permission scopes for the access token; it can do anything you define with scopes |

{% tabs %}
{% tab title="200 " %}

```
{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..."
}
```

{% endtab %}

{% tab title="302 " %}

```
{
  "message": "Invalid Credentials"
}
```

{% endtab %}
{% endtabs %}

| Scopes         |                                                       |
| -------------- | ----------------------------------------------------- |
| api            | Permission for access to all endpoints                     |
| user           | Permission to manage the user only                         |
| user\_read     | Permission to read the profile only, without actions       |
| bank           | Permission to manage bank accounts only                    |
| bank\_read     | Permission to read bank account data only, without actions |
| mutation       | Permission to manage all mutation data                     |
| mutation\_read | Permission to read mutation data only, without actions     |
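
The login call and the bearer header described above, as an added Python example (not Moota's own client code) that requests only the scopes a job needs and refuses to send credentials over anything but HTTPS. The function names are assumptions made for this example; the endpoint, body fields, headers and scope names are the ones listed on this page.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Scope names copied from the scope table on this page.
KNOWN_SCOPES = {"api", "user", "user_read", "bank", "bank_read",
                "mutation", "mutation_read"}
LOGIN_URL = "https://app.moota.co/api/v2/auth/login"  # endpoint from this page
JSON_HEADERS = {"Content-Type": "application/json", "Accept": "application/json"}


def _require_https(url):
    # The page requires HTTPS; never place a credential on a cleartext URL.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")


def build_login_request(username, password, scopes):
    """Build (without sending) the token request for the given scopes only."""
    scopes = list(scopes)
    unknown = set(scopes) - KNOWN_SCOPES
    if not scopes or unknown:
        raise ValueError(f"unknown or empty scopes: {sorted(unknown)}")
    _require_https(LOGIN_URL)
    body = json.dumps({"username": username, "password": password,
                       "scopes": scopes}).encode()
    return urllib.request.Request(LOGIN_URL, data=body, method="POST",
                                  headers=JSON_HEADERS)


def build_api_request(method, url, token):
    """Build an authenticated request carrying the token as a bearer header."""
    _require_https(url)
    headers = dict(JSON_HEADERS, Authorization=f"Bearer {token}")
    return urllib.request.Request(url, method=method, headers=headers)


def fetch_token(username, password, scopes):
    """Send the login request; pass credentials in from a secret store or
    environment variables rather than hard-coding them."""
    req = build_login_request(username, password, scopes)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]
```

A reporting job that only reads mutations would call `fetch_token(user, pw, ["mutation_read"])` rather than asking for `api`, so a leaked token cannot manage bank accounts or users.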


