# Authentication

API calls are authenticated via Web Tokens. At a high level, authentication works by the add-on exchanging a security context with the application. This context is used to create and validate tokens, embedded in API calls.

- To use the API, you will need to retrieve the API credentials.
- Create a Wyzio contact to handle the API requests at https://wyzio.app/contacts.
- Give that contact the user role.
- On the User tab, in the permissions area, apply to the contact the **Webservice** role.
- Go to the RESTful API section.
- A token linked to the account will be shown on this page.
- When you generate a request to the REST API, pass in the header the key `WEAL-TOKEN` (Wyzio Enhanced API Library) and, as the value, the token of the user.
- All calls must be made using `Wyzio/1.0` as User Agent.