> ## Documentation Index
> Fetch the complete documentation index at: https://docs.withbenji.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Authentication

> Authenticating your API requests with the Benji Platform APIs

All API endpoints are authenticated using API keys via the `x-api-key` header. There are 2 types of API keys supported:

* **User-based access tokens**, to initiate user-based activities such as earn, redeem and get status actions. These tokens are returned as part of the access/token/exchange API flow following the **Benji Connect SDK** `onSuccess` callback.
* **Partner API keys**, which you can generate through the dashboard in your developer settings page on Pilot, for all non-user-based interactions like retrieving campaign and partner information.

<Warning>
  Note that user tokens are short-lived and must be refreshed using the access/token/refresh API endpoint before they expire. User tokens are typically valid for 90 days. If a token has expired, you will get a 401 error from the relevant API endpoint. You can refresh the token using the access/token/refresh API endpoint.
</Warning>

<Tip>In APIs that support user\_id or user\_external\_id, you can either use the Partner API key and explicitly specify the user\_id, or use the user-based access token and omit these parameters since they are distinguished through the access token.</Tip>

<ParamField header="x-api-key" type="string" required>
  Partner API key or User access token
</ParamField>
