> For the complete documentation index, see [llms.txt](https://docs.loomai.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.loomai.com/api/authorization.md).

# Authorization

To authorize your application's requests to the Loom AI API you must first obtain an access token by requesting an [user's authorization](/api/authentication/authorization-code-flow-with-pkce.md) or by [authenticating directly](/api/authentication/resource-owner-flow.md) using your [application's credentials](/guides/api-credentials.md).

Once you received an access token, you can authorize requests by adding the `Authorization` header using `token_type` and `access_token` provided by the authentication response as value.

```http
Authorization: {TOKEN_TYPE} {ACCESS_TOKEN}
```

#### Example

```http
Authorization: Bearer eyJz93a...k4laUWw
```

If your application requests the Loom AI API with missing, invalid or expired credentials, it will receive a `HTTP 401 Unauthorized` response.

If your application requests a Loom AI API resource that it is not authorized to access, for example due to a missing authorization scope, it will receive a `HTTP 403 Forbidden` response.

See [Status](/api/schema/status.md#http-status-codes) for more details on API status codes.
