# Authenticate

impact.com supports two authentication types. Pick the type based on whose account your code accesses.

### Choose an auth type

Use an API key when your code accesses your own impact.com account.

Use OAuth 2.0 when your app accesses another user’s impact.com account.

### Use an API key for own-account access

Use API key auth for server-to-server automation, internal tooling, or a single-account integration.

You authenticate with HTTP Basic auth using your API access token:

* Use `AccountSID` as the username.
* Use `AuthToken` as the password.

Next, follow the full guide:

* [Create an API Key](/rest-apis/api-quick-start/create-an-api-key.md)

### Use OAuth 2.0 for user-consented access

Use OAuth 2.0 when you need delegated access, user consent, or a multi-account app.

You redirect the user to impact.com to sign in and consent. You then call the API using a bearer token.

Next, follow the full guide:

* [Set Up OAuth 2.0](/rest-apis/wip-not-used-yet/authenticate/set-up-oauth-2.0.md)

### Follow a best practice

* Store `AuthToken`, `client_secret`, and `refresh_token` in a server-side secret store.
* Grant the minimum scope you need in production.
* Rotate secret values on a regular schedule.
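
The following is an added example, not impact.com's own code. It shows how the API key pair (`AccountSID` as username, `AuthToken` as password) and an OAuth 2.0 bearer token become `Authorization` headers while keeping the secrets out of source code and logs. The environment variable names and all function names are hypothetical, and the process environment stands in for a server-side secret store.

```python
import base64
import os
from urllib.parse import urlsplit

# Hypothetical variable names; in production a server-side secret store
# populates them, and nothing secret is committed to source control.
SID_VAR = "IMPACT_ACCOUNT_SID"
TOKEN_VAR = "IMPACT_AUTH_TOKEN"


def basic_auth_header(account_sid: str, auth_token: str) -> dict:
    """HTTP Basic header: AccountSID is the username, AuthToken the password."""
    if not account_sid or not auth_token:
        raise ValueError("AccountSID and AuthToken must both be set")
    if ":" in account_sid:
        # RFC 7617: the user-id part cannot contain a colon.
        raise ValueError("AccountSID must not contain ':'")
    raw = f"{account_sid}:{auth_token}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def bearer_auth_header(access_token: str) -> dict:
    """Header for a call made with an OAuth 2.0 bearer token."""
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token is empty or contains whitespace")
    return {"Authorization": f"Bearer {access_token}"}


def headers_from_env(env=os.environ) -> dict:
    """Read the credentials at call time so rotated values are picked up."""
    return basic_auth_header(env.get(SID_VAR, "").strip(),
                             env.get(TOKEN_VAR, "").strip())


def require_https(url: str) -> str:
    """Basic auth is only base64-encoded, so refuse cleartext transport."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    return url


def redact(headers: dict) -> dict:
    """Copy of the headers that is safe to log: scheme kept, credential dropped."""
    out = dict(headers)
    if "Authorization" in out:
        out["Authorization"] = out["Authorization"].split(" ", 1)[0] + " [REDACTED]"
    return out
```

Pass the result of `redact()` to your logger instead of the real headers, and call `require_https()` on the request URL before attaching either header.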


