---
title: Authentication
description: Protect your account with Management API authentication. Generate your personal access token through the Storyblok app.
url: https://storyblok.com/docs/api/management/getting-started/authentication
---

# Authentication

To authenticate your account when making API requests, include an access token in the Authorization header. There are two types of access tokens in Storyblok:

## Personal access token

A Personal Access Token is obtained from the Storyblok UI and grants access to all spaces associated with your account, including the Management API.

It is not tied to a single space but allows actions based on your permissions in all accessible spaces. This token is used without the `Bearer` keyword in the `Authorization` header. You can generate or manage personal access tokens in the [Storyblok account settings](https://app.storyblok.com/#/me/account?tab=token).

> [!WARNING]
> Personal access tokens grant broad access to your account. Never expose them in frontend code or commit them to version control. Always store them securely using environment variables. If exposed, revoke the token immediately and generate a new one.

## OAuth access token

An OAuth Access Token is obtained via the OAuth2 authentication flow and is tied to a single space.

-   It has a time-to-live (TTL) and is used for authenticating third-party apps or integrations.
-   Permissions (scopes) such as `read_content` and `write_content` are granted during the OAuth process.
-   This token must be used with the `Bearer` keyword in the `Authorization` header.

You can learn more about obtaining an OAuth access token in the [OAuth 2.0 Authorization Flow](/docs/plugins/oauth-authorization-flow).

## Examples

-   Personal Access Token (curl)
    
    ```bash
    curl -H "Authorization: YOUR_PERSONAL_ACCESS_TOKEN" https://mapi.storyblok.com/
    ```
    
-   OAuth Access Token (curl)
    
    ```bash
    curl -H "Authorization: Bearer YOUR_OAUTH_ACCESS_TOKEN" https://mapi.storyblok.com/
    ```
    
-   Personal Access Token (JavaScript)
    
    ```js
    // storyblok-js-client@>=7, node@>=18
    import Storyblok from "storyblok-js-client";
    
    const storyblok = new Storyblok({
      oauthToken: "YOUR_PERSONAL_ACCESS_TOKEN",
    });
    ```
    
-   OAuth Access Token (JavaScript)
    
    ```js
    // storyblok-js-client@>=7, node@>=18
    import Storyblok from "storyblok-js-client";
    
    const storyblok = new Storyblok({
      oauthToken: "Bearer YOUR_OAUTH_ACCESS_TOKEN",
    });
    ```
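The two header formats above, combined with the advice to keep tokens in environment variables, as an added example that is not part of the Storyblok documentation or client library. The variable names `STORYBLOK_PERSONAL_TOKEN` and `STORYBLOK_OAUTH_TOKEN` and the helper functions are assumptions made for illustration.

```javascript
// Added example. The variable names are assumptions, not names Storyblok defines.
const PERSONAL_VAR = "STORYBLOK_PERSONAL_TOKEN";
const OAUTH_VAR = "STORYBLOK_OAUTH_TOKEN";

// A token must be a single opaque word: no spaces, CR/LF or control bytes,
// so a malformed secret cannot split or inject into the request headers.
function clean(name, raw) {
  const token = raw.trim();
  if (token === "" || /[\s\x00-\x1f\x7f]/.test(token)) {
    throw new Error(`${name} is empty or contains whitespace/control characters`);
  }
  return token;
}

// Returns the exact Authorization header value for whichever token is configured.
function authorizationValue(env) {
  const personal = env[PERSONAL_VAR];
  const oauth = env[OAUTH_VAR];
  if (personal && oauth) {
    throw new Error(`set only one of ${PERSONAL_VAR} and ${OAUTH_VAR}`);
  }
  if (personal) {
    // Personal access tokens are sent bare; a Bearer prefix is a configuration mistake.
    if (/^bearer(\s|$)/i.test(personal.trim())) {
      throw new Error(`${PERSONAL_VAR} must not carry the Bearer keyword`);
    }
    return clean(PERSONAL_VAR, personal);
  }
  if (oauth) {
    // OAuth tokens need the Bearer keyword; accept the value with or without it.
    return `Bearer ${clean(OAUTH_VAR, oauth.trim().replace(/^bearer(\s+|$)/i, ""))}`;
  }
  throw new Error(`neither ${PERSONAL_VAR} nor ${OAUTH_VAR} is set`);
}

// Safe form of the header value for log lines and error reports.
function redactHeader(value) {
  return value.startsWith("Bearer ") ? "Bearer [redacted]" : "[redacted]";
}

// Demo with a constructed value; in real use pass process.env instead.
console.log(redactHeader(authorizationValue({ [OAUTH_VAR]: "constructed-sample-token" })));
```

The string returned by `authorizationValue(process.env)` is the value that follows `Authorization:` in the curl examples and that the JavaScript examples pass as `oauthToken`.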

