# Authentication While the API provides multiple methods for authentication, we strongly recommend using [OAuth](/apps/about-oauth-apps.md) for production applications. The other method provided is intended to be used for scripts or testing (i.e., cases where full OAuth would be overkill). Third party applications that rely on TextMaster for authentication should not ask for or collect TextMaster credentials. Instead, they should use the OAuth Authorization flow. ## OAuth2 OAuth2 is a protocol that lets external applications request authorization to private details in a user's TextMaster account without accessing their password. ```shell $ curl https://api.textmaster.com/v1/clients/users/me \ -H "Authorization: Bearer ACCESS-TOKEN" ``` {% hint style="info" %} **Tips:** TextMaster recommends sending OAuth tokens using the Authorization header. {% endhint %} For more on OAuth Apps, see: {% content-ref url="/pages/qYrz6Sqapsud2BoZSSbt" %} [About OAuth Apps](/apps/about-oauth-apps.md) {% endcontent-ref %} ## Signature {% hint style="warning" %} **Warning:** TextMaster discourages using the signature strategy to authenticate production applications to the API. Clients should use [OAuth2 Apps](/apps/about-oauth-apps.md) instead. {% endhint %} Signature is an authentication strategy that requires the client to compute a signature hash based on the user's pair of API keys. The signature is only valid for 5 minutes after its creation. For example, the following Shell script will compute that signature hash: ```shell #!/bin/bash APIKEY=somekey APISECRET=somesecret DATE=$(date -u +"%Y-%m-%d %H:%M:%S") SIGNATURE=$(echo -n $APISECRET$DATE | openssl sha1 | sed 's/.*= //') curl "https://api.textmaster.com/test" \ -H "Apikey: $APIKEY" \ -H "Date: $DATE" \ -H "Signature: $SIGNATURE" ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developer.textmaster.com/overview/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.