> ## Documentation Index
> Fetch the complete documentation index at: https://docs.moneda.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Moneda REST API

The REST API uses the same OAuth 2.0 tokens you already have from the MCP authentication flow. No additional credentials or API keys are needed.

## How it works

Include your OAuth 2.0 Bearer token in the `Authorization` header of every request:

```
Authorization: Bearer <token>
```

Your token is obtained through the standard MCP OAuth flow. If you've already connected an AI assistant to Moneda, you have a valid token.

<Info>
  The REST API and MCP server share the same authentication system. A token that works for MCP will work for the REST API, and vice versa.
</Info>

## Example request

```bash theme={null}
curl -X GET https://api.moneda.com/v1/balances \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIs..."
```

## Scopes

The REST API enforces the same 22 OAuth scopes as MCP. Each endpoint requires one or more scopes to be present on your token. For example, `GET /v1/balances` requires the `read:balances` scope.

If your token is missing a required scope, the API returns a `403 Forbidden` response with a message indicating which scope is needed.

<Note>
  See the full list of scopes and what they grant access to on the [Scopes](/scopes) page.
</Note>

## Unauthenticated endpoints

The `GET /v1/health` endpoint does not require authentication. You can use it to verify the API is reachable:

```bash theme={null}
curl https://api.moneda.com/v1/health
```

## Error responses

When authentication fails, the API returns standard HTTP status codes:

| Status             | Meaning                                     |
| ------------------ | ------------------------------------------- |
| `401 Unauthorized` | Missing or invalid token                    |
| `403 Forbidden`    | Token is valid but lacks the required scope |

## What's next?

<CardGroup cols={2}>
  <Card title="API Endpoints" icon="list" href="/api/endpoints">
    See all 43 endpoints and what scopes they require.
  </Card>

  <Card title="Scopes" icon="list-check" href="/scopes">
    Full reference of all 22 OAuth scopes.
  </Card>

  <Card title="MCP Authentication" icon="shield-check" href="/getting-started/authentication">
    Learn how the underlying OAuth flow works.
  </Card>

  <Card title="OpenAPI Spec" icon="file-code" href="/api/openapi">
    Explore the API interactively with Swagger UI.
  </Card>
</CardGroup>
