> ## Documentation Index > Fetch the complete documentation index at: https://developer.jobmojito.com/llms.txt > Use this file to discover all available pages before exploring further. # Authentication > Authenticate JobMojito API requests with a bearer token in the Authorization header. Every JobMojito API request is authenticated with a **bearer token** sent in the `Authorization` header: ```http theme={null} Authorization: Bearer ``` The token identifies your merchant account and the environment it belongs to. Requests without a valid token are rejected with **HTTP 401**. ```bash theme={null} curl https://cool.jobmojito.com/functions/v1/job-interview-get \ -H "Authorization: Bearer " \ -H "Content-Type: application/json" \ -d '{ "interview_id": "00000000-0000-0000-0000-000000000000" }' ``` ## Getting a token Your API credentials are issued from the JobMojito admin. If you don't have them yet, contact your account manager or [**support@jobmojito.com**](mailto:support@jobmojito.com). ## Who the token represents The token is bound to a **merchant** account. Most endpoints automatically scope their work to that merchant - you don't pass a `merchant_id` yourself. A few service-level integrations may operate across merchants; in those cases the endpoint documents a required `merchant_id` field and returns **422** if it's missing. ## Authorization errors | Status | Meaning | | ------ | --------------------------------------------------------------------------------------------- | | `401` | Missing, malformed, or expired token. | | `403` | The token is valid but not allowed to perform this action (for example, a non-merchant user). | ## Keep your token secret Treat the token like a password: * Send it only over HTTPS (all JobMojito endpoints are HTTPS-only). * Store it in a secret manager / environment variable, never in client-side code or version control. * Rotate it if you suspect it has leaked. Next: see [How the API works](/how-the-api-works) for the base URL, request format and error model.