# API Authentication Overview

eGain REST APIs use the **OAuth 2.0 authorization framework** to ensure secure access. Before making API requests, you must obtain an access token to prove your application has the necessary permissions.

The authentication process consists of four high-level steps:

1. [**Register a Client Application**](/developer-portal/guides/authentication/app-registration): Log in to the eGain Administration Console to create a client application. This generates your **Client ID** and **Client Secret**.
2. [**Find your API Metadata**](/developer-portal/guides/authentication/metadata): Click the Metadata button on your application page to find the Authorization and Token URLs specific to your instance.
3. [**Obtain a Token**](/developer-portal/guides/authentication/flow_overview): Choose an Authentication Flow based on your integration type:
  * **For Users/Customers**: Use the [**Authorization Code**](/developer-portal/guides/authentication/auth-code-flow) or [**PKCE**](/developer-portal/guides/authentication/pkce-flow) flow. The **PKCE** flow is a security-enhanced version of the **Authorization Code** flow.
  * [**For Anonymous Customer**](/developer-portal/guides/authentication/client-credentials-flow#_-1): Use **Anonymous Customer** flow.
  * [**For Server-to-Server**](/developer-portal/guides/authentication/client-credentials-flow): Use the **Client Credentials** flow.
  * [**For Server On Behalf Of User/Customer**](/developer-portal/guides/authentication/on-behalf-of-flow): Use the **On-Behalf-Of** flow.
  * [**For External Identity**](/developer-portal/guides/authentication/token-exchange-flow): Use the **Token Exchange** flow.
4. [**Call the API**](/developer-portal/guides/authentication/making-requests): Include the token in the HTTP `Authorization` header as a Bearer token.


### Quick Reference: Authentication Details

After completing these steps, you can call the APIs by sending the generated access token as a Bearer token in the `Authorization` header.

| Requirement | Description |
|  --- | --- |
| **Protocol** | OAuth 2.0 |
| **Header** | `Authorization: Bearer <access_token>` |
| **Token Domain** | `https://ai.egain.cloud/` |
| **API Domain** | `https://api.ai.egain.cloud/` |