# How to Authenticate

Pass one of the following on every request to the Carbon Voice API.

| Method | How to send |
| --- | --- |
| Personal Access Token | `Authorization: Bearer cv_pat_<token>` |
| OAuth2 Bearer | `Authorization: Bearer <access_token>` |
| API Key | `x-api-key: <key>` header |
| PXToken (session) | `pxtoken: <token>` header |

**Personal access tokens:** The recommended method for integrations and bots. Create and manage tokens in the [Developer Portal](https://www.developer.carbonvoice.app/). Tokens have a `cv_pat_` prefix, support read/write scopes, and can be revoked at any time.

**OAuth2:** Use the standard OAuth2 PKCE flow for apps acting on behalf of a user. The Developer Portal provides client ID, redirect URI configuration, and how-to examples.

**API Key:** Legacy method for server-to-server access. Manage keys in the [Developer Portal](https://www.developer.carbonvoice.app/).