> ## Documentation Index > Fetch the complete documentation index at: https://docs.cube.dev/llms.txt > Use this file to discover all available pages before exploring further. # Authentication > Authenticate REST and SCIM requests with a token sent using the Bearer prefix. How you authenticate depends on which API you call. Both the REST management API (`/api/v1/…`) and the SCIM API (`/api/scim/v2/…`) take a token in the `Authorization` header with the `Bearer` prefix, and only HTTPS is accepted. ## REST API (`/api/v1`) Authenticate deployment, report, and workbook requests with a token sent using the `Bearer` prefix: ```text theme={"dark"} Authorization: Bearer ``` The token can be an API key generated in your Cube Cloud account settings, or an OAuth access token from Cube Cloud's OAuth flow — both are sent the same way. ```bash theme={"dark"} curl --request GET \ --url 'https://.cubecloud.dev/api/v1/deployments' \ --header 'Authorization: Bearer ' ``` ## SCIM API (`/api/scim/v2`) Authenticate user and group provisioning requests with a SCIM bearer token, configured in your identity provider's SCIM integration: ```text theme={"dark"} Authorization: Bearer ``` The SCIM API requires the `Bearer` prefix because identity providers (Microsoft Entra ID, Okta, and others) send credentials this way per [RFC 7644](https://datatracker.ietf.org/doc/html/rfc7644). The SCIM token is a Cube Cloud API key, so `Api-Key ` is also accepted here. Generate a SCIM token in your Cube Cloud account settings, then configure it in your identity provider alongside the [base URL](/api-reference/introduction#platform-api). ```bash theme={"dark"} curl --request GET \ --url 'https://.cubecloud.dev/api/scim/v2/Users?count=100&startIndex=1' \ --header 'Authorization: Bearer ' ``` Treat API keys and SCIM tokens like passwords — they grant full access to your account's resources. Store them securely and rotate them if they are exposed. A `401 Unauthorized` response means the credential is missing, malformed, or expired.