> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tesouro.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Learn how to authenticate with the Underwriting API.

All requests to the Underwriting API must be made over HTTPS and authenticated with a `Bearer` token, generated using the OAuth 2.0 protocol.

## Key concepts

* **Secure data transmission**: API requests must be made via HTTPS. Calls over plain HTTP will not succeed.
* **Bearer token authentication**: All API requests must include a `Bearer` token in the `Authorization` header. This is compliant with [OAuth 2.0](https://oauth.net/2/).

<Danger>
  Your client secret must be stored securely. It is not recoverable after creation — if lost, you
  must generate a new one.
</Danger>

## Available methods

<CardGroup cols={1}>
  <Card title="Client credentials" icon="key" href="/underwriting/guides/authentication/client-credentials" cta="Get started">
    Server-to-server authentication using the OAuth 2.0 `client_credentials` grant. Your backend
    exchanges a client ID and secret for a short-lived access token. Use this for all backend API
    calls.
  </Card>
</CardGroup>
