# Authentication

## Authenticating

All API requests will require an `Authorization` header that includes your API token as the `Bearer` token.

```
$ curl https://api.clients.icaal.co.uk/scopes \
    -H 'Authorization: Bearer xxxxxxxx' \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json'
```

You will receive a `401` response code if the request has not been authenticated.

## List Scopes

<mark style="color:blue;">`GET`</mark> `https://api.clients.icaal.co.uk/scopes`

List the permission scopes available for the authenticated account.

#### Headers

| Name          | Type   | Description                          |
| ------------- | ------ | ------------------------------------ |
| Authorization | string | Authenticate using the bearer token. |

{% tabs %}
{% tab title="200 " %}

```javascript
[
    "leads:list",
    "leads:view",
    "leads:create",
    "leads:update",
    "leads:delete",
    "users:list"
]
```

{% endtab %}
{% endtabs %}