# Authentication

> Authenticate with the Royaltyport API using API tokens.

Authenticate with the Royaltyport API by including an API token in the `Authorization` header of every request. Tokens provide a static credential suitable for server-side integrations, scripts, CI/CD pipelines, and automation.

<Note>
  Looking for MCP authentication? MCP clients use **OAuth 2.1** for interactive sign-in. See [MCP Authentication](/mcp-reference/authentication) for details.
</Note>

## Bearer Token Authentication

Include your token in the `Authorization` header:

```bash
curl https://api.royaltyport.com/v1/projects \
  -H "Authorization: Bearer rp_your_token_here"
```

Tokens use the `rp_` prefix for easy identification.
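Because the token is a static credential that ends up in scripts and CI/CD jobs, the following added example (not part of the Royaltyport documentation) passes the header to curl on stdin instead of the command line and masks `rp_` values before they reach a log. The `ROYALTYPORT_TOKEN` variable name, the helper function names, and the token alphabet after the `rp_` prefix are assumptions.

```bash
#!/usr/bin/env bash
# Added example: keep a Royaltyport API token out of argv and out of CI logs.
# Assumptions (not from the docs): the ROYALTYPORT_TOKEN variable name and the
# token alphabet [A-Za-z0-9_-] after the documented rp_ prefix.

RP_API="https://api.royaltyport.com/v1"

# Accept only "rp_" followed by the assumed alphabet. This also rejects quotes,
# backslashes and newlines that could inject directives into the curl config.
rp_token_ok() {
  case "$1" in
    rp_?*) ;;
    *) return 1 ;;
  esac
  case "$1" in
    *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  return 0
}

# Emit a one-line curl config carrying the Authorization header.
rp_curl_config() {
  rp_token_ok "$1" || { echo "refusing malformed token" >&2; return 1; }
  printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# GET a path under /v1. The header reaches curl on stdin (--config -), so the
# token never appears in `ps` output or /proc/<pid>/cmdline.
rp_get() {
  _rp_cfg=$(rp_curl_config "${ROYALTYPORT_TOKEN:-}") || return 1
  printf '%s\n' "$_rp_cfg" |
    curl --fail --silent --show-error --config - "$RP_API/$1"
}

# Mask token values in any stream that is about to be written to a log.
rp_redact() {
  sed -E 's/(^|[^A-Za-z0-9_])rp_[A-Za-z0-9_-]+/\1rp_[REDACTED]/g'
}

# Usage: load ROYALTYPORT_TOKEN from your secret store, then
#   rp_get projects 2>&1 | rp_redact
```

If real tokens use characters outside the assumed alphabet, widen the pattern in `rp_token_ok` and `rp_redact` together so validation and masking stay consistent.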

***

## Creating Tokens

Tokens are managed from **Organizations > Settings > Tokens**. Only users with the **Admin** or **Owner** role can create and delete tokens.

<Steps>
  <Step title="Navigate to Settings > Tokens">
    Open your organization from the Dashboard, click **Settings**, then select the **Tokens** tab.
  </Step>

  <Step title="Configure the token">
    Provide a descriptive name, select the project the token should access, and choose an expiration period:

    | Option  | Duration              |
    | ------- | --------------------- |
    | 1 Day   | Expires after 1 day   |
    | 7 Days  | Expires after 7 days  |
    | 30 Days | Expires after 30 days |
    | 60 Days | Expires after 60 days |
    | 90 Days | Expires after 90 days |
    | Never   | Token does not expire |
  </Step>

  <Step title="Copy your token">
    After clicking **Create**, the token value is displayed once. Copy it and store it securely.

    <Warning>
      The token value is only shown once. It cannot be retrieved after you close the dialog.
    </Warning>
  </Step>
</Steps>

For full token management details, see the [API Tokens settings page](/organizations/settings/tokens).

***

## Token Scope

Tokens can be scoped at two levels:

* **Project-scoped** — the token can only access data belonging to its assigned project. This is the default when creating a token.
* **Organization-scoped** — the token can access all projects within the organization.

**How scope affects endpoints:**

* **Organization-level endpoints** (e.g., listing projects): With a project-scoped token, the response contains only the token's assigned project. With an organization-scoped token, it contains all projects.
* **Project-level endpoints** (e.g., listing contracts): The token's project scope must match the requested `projectId`.

***

## Permission Requirements

| Action                     | Required Role     |
| -------------------------- | ----------------- |
| Create a token             | Admin, Owner      |
| Delete a token             | Admin, Owner      |
| Use a token (API requests) | Any (token-based) |
