> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gorules.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate with GoRules APIs using tokens

GoRules APIs support two authentication methods depending on the token type:

| Token Type            | Header                          |
| --------------------- | ------------------------------- |
| Personal Access Token | `Authorization: Bearer <token>` |
| Evaluation Token      | `X-Access-Token: <token>`       |

## Personal Access Tokens

Personal Access Tokens (PAT) authenticate requests to the BRMS API with your user identity. Use PATs for:

* Managing projects, documents, and releases
* Administrative operations
* CI/CD pipelines that need full API access

### Creating a PAT

1. Navigate to your **Profile** in the BRMS
2. Find the **Personal access token** section
3. Click **Generate token**
4. Configure the token:
   * **Note**: A description to identify the token's purpose
   * **Expiry**: Token lifetime (Month, Quarter, Year, or custom)
   * **All projects**: Toggle to grant access to all projects or select specific ones
   * **Permissions**: Select the required permissions

### PAT Permissions

| Permission          | Description                                       |
| ------------------- | ------------------------------------------------- |
| Project Manage      | Members, groups, tokens, approvers, configuration |
| Documents           | Access to decision documents (Projects v1)        |
| Branches            | Access to branches (Projects v2)                  |
| Integrations manage | Manage integrations (deprecated)                  |
| Releases            | Create and manage releases                        |
| Environments        | Configure and deploy to environments              |

<Warning>
  Store your PAT securely. It provides access to your BRMS resources based on the permissions granted.
</Warning>

## Evaluation Tokens

Evaluation tokens authenticate requests to evaluate decisions. They are scoped to a specific project and used for:

* Evaluating decisions via BRMS API
* Authenticating with the Agent service
* Production workloads

### Creating an Evaluation Token

1. Open your project in the BRMS
2. Go to **Settings** > **Access Tokens**
3. Click **Generate token**
4. Give the token a name

### Using Evaluation Tokens

Evaluation tokens work with both the BRMS evaluation endpoints and the Agent service:

<CodeGroup>
  ```bash BRMS Evaluation theme={null}
  curl -X POST https://your-brms.example.com/api/projects/{project}/evaluate/{key} \
    -H "X-Access-Token: <evaluation-token>" \
    -H "Content-Type: application/json" \
    -d '{"context": {"input": "value"}}'
  ```

  ```bash Agent Evaluation theme={null}
  curl -X POST https://your-agent.example.com/api/projects/{project}/evaluate/{key} \
    -H "X-Access-Token: <evaluation-token>" \
    -H "Content-Type: application/json" \
    -d '{"context": {"input": "value"}}'
  ```
</CodeGroup>

<Note>
  Evaluation tokens are contained within releases. When you deploy a release to the Agent, the token is used to authenticate evaluation requests.
</Note>

## Token Comparison

| Feature                  | Personal Access Token | Evaluation Token     |
| ------------------------ | --------------------- | -------------------- |
| Created in               | Profile               | Project Settings     |
| Scope                    | User-level            | Project-level        |
| BRMS management API      | Yes                   | No                   |
| BRMS evaluation API      | Yes                   | Yes                  |
| Agent API                | No                    | Yes                  |
| Configurable permissions | Yes                   | No (evaluation only) |