# Basics

### Authentication <a href="#authentication" id="authentication"></a>

First, you must obtain your OCTO API Key. See [request-access](https://octodocs.peek.com/getting-started/request-access "mention") for details.

OCTP uses Bearer authentication which you can use to authenticate:

```
GET integrations/octo/products HTTP/1.1
Host: octo.peek.com
Authorization: Bearer 5bd1629a-323e-4edb-ac9b-327ef51e6136
```

{% hint style="info" %}
All communication must be sent over HTTPS
{% endhint %}

If the token is invalid or is deactivated a HTTP 403 Forbidden error will be returned.

### JSON Content Type

Every `POST`, `PATCH` and `DELETE` request must use `Content-Type: application/json` header and the request body must be a JSON encoded string. Every endpoint will return JSON unless otherwise stated.