# Authorization

To authorize your application's requests to the Loom AI API you must first obtain an access token by requesting an [user's authorization](https://docs.loomai.com/api/authentication/authorization-code-flow-with-pkce) or by [authenticating directly](https://docs.loomai.com/api/authentication/resource-owner-flow) using your [application's credentials](https://docs.loomai.com/guides/api-credentials).

Once you received an access token, you can authorize requests by adding the `Authorization` header using `token_type` and `access_token` provided by the authentication response as value.

```http
Authorization: {TOKEN_TYPE} {ACCESS_TOKEN}
```

#### Example

```http
Authorization: Bearer eyJz93a...k4laUWw
```

If your application requests the Loom AI API with missing, invalid or expired credentials, it will receive a `HTTP 401 Unauthorized` response.

If your application requests a Loom AI API resource that it is not authorized to access, for example due to a missing authorization scope, it will receive a `HTTP 403 Forbidden` response.

See [Status](https://docs.loomai.com/schema/status#http-status-codes) for more details on API status codes.