# Authentication

All requests must be authenticated and access will only be granted to resources a request has access to.

For the Admin API, authentication is scoped to the organization. Each organisation has an authentication token which allows management of all resources owned by that organisation. This is useful to maintain security when making client-side requests to the Visii API.

For the Vision API, each dataset has it's own authentication token and so authentication is scoped to the dataset. The token for each dataset can be retrieved from the Admin API via the dataset resource.

All unauthenticated requests will receive a 404 Not Found response. We use this rather than a 401 Unauthorized response so that we do not disclose the existence of any user data.

Authentication requires sending the appropriate API token using the Authorization header. For example if you are accessing the API via cURL (opens new window) you can specify the header like this:

curl -H "Accept: application/vnd.visii.v2+json" \
     -H "Authorization: token <api-token>" \
Last Updated: 2/10/2020, 11:10:02 AM