# Authentication
We support four kinds of authentication:
* API key
* Bearer token (no refresh token)
* Basic flow
* OAuth
Merchants enter their authentication key when they first activate your integration.
[](https://downloads.intercomcdn.com/i/o/817684897/e1bbecd0103ab30738cd9c07/Screenshot+2023-08-29+at+9.06.47+AM.png?expires=1725953400\&signature=f283279af7a320b0b3ccb6735e5d0e3b6a97f654e33bc578bcdd48cd03107aaa\&req=fCEgEMF6lYhYFb4f3HP0gHm1WgYHVYKT70jDYDEwdCrxY8zBBFQvy842BcOu%0AI8cU3tGiU4I12%2FsRfw%3D%3D%0A)
***
## API key
You can have the merchant’s API key as a header or a query parameter. You can configure the field name, and add multiple headers if you need them.
[](https://downloads.intercomcdn.com/i/o/817685249/5de325d1864ef75ddfa8e15c/Screenshot+2023-08-29+at+9.07.57+AM.png?expires=1725953400\&signature=7dbb3c2b2897baf8541334b64cd049bb78f5bed58ee9ccb671ab41e528e1a640\&req=fCEgEMF7n4VWFb4f3HP0gGC%2FFcGmmzjD0bAp1TLgn2RR1hGYUhN7Qe7G5RRL%0AUQfa62qYTLnggrPdyg%3D%3D%0A)
If you need merchants to enter an additional authentication parameter like their username and password, you can add those by [creating settings](https://support.zapiet.com/en/articles/6280079-creating-settings) and using the variable as the value.
[](https://downloads.intercomcdn.com/i/o/817880560/533b9fc53c85a82541699383/432c0cd1-4855-425f-8603-1a27eb5ae39b.png?expires=1725953400\&signature=8246bfc1e310908f950040188e9eb5c22b99459b9f618365a92a70f73f640772\&req=fCEgHsF%2BmIdfFb4f3HP0gLRDbR2wMy02sz7P72iIHHnFr4IcuN1FmvQqiSdc%0ApoXiUT9zdojuwF4tDg%3D%3D%0A)
***
## Bearer token
We will automatically attach an Authorization header to your requests. We will add the merchant’s key after “Bearer”. We can only support bearer tokens that don’t expire, and we don’t support refresh tokens yet.
```
Authorization: Bearer YW5keTpjYXJnaW5keTpjYXJnaWxs
```
***
## Basic flow
We will automatically attach an Authorization header to your requests. We will add the merchant’s key after “Basic”.
```
Authorization: Basic YW5keTpjYXJnaWxs
```
***
## OAuth
When OAuth is selected, you need to specify the Authentication end point, the grant type and the scope that your API expects to receive.
[](https://downloads.intercomcdn.com/i/o/817686644/d00a543b6720022be368b97f/0ac03aec-a82c-43b4-9c76-6fdb434b4288.png?expires=1725953400\&signature=5b8cbdd4c897449b60cfa30f4b5488973f2f102c13530e88f8957abfaad67669\&req=fCEgEMF4m4VbFb4f3HP0gFAfyV%2BerdrhlcRSf2gz%2FfF4w21esZa7OEiDeS50%0ARP5lX99sZA%2BhjhwMvg%3D%3D%0A)
When OAuth is configured, customers will be asked to enter their Client ID and Client Secret to activate the integration.
[](https://downloads.intercomcdn.com/i/o/817687392/adffc36386c77e3460aefa8a/Screenshot+2023-08-29+at+9.11.49+AM.png?expires=1725953400\&signature=aa500a54b27793b18248cd48ffc916658ae540413b46e72cf57ada9f74cc0248\&req=fCEgEMF5nohdFb4f3HP0gCPm5z%2FeOs7cfGq8yxtELR%2FETfi%2Frq3uLh65CphF%0AyZDzta9arN2kpQ5chQ%3D%3D%0A)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.zapiet.com/last-mile-api/authentication.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.