# Authentication

Have a look at the [Authentication overview](https://documentation.sceenic.co/watch-together-sdk/sscale-confluence-overview) and [Watch Together overview](https://documentation.sceenic.co/watch-together-sdk/sscale-confluence-watch-together-overview).

An `Access Token` is needed in order to allow a client to connect to a Session.

{% hint style="danger" %}
**Note:** It is important that the client application does not request an Access Token directly from the frontend. By doing that you risk exposing the API\_TOKEN and API\_SECRET.
{% endhint %}

* To learn how to acquire an Access Token please look at the [Cluster Authentication Server](https://documentation.sceenic.co/watch-together-sdk/sscale-confluence-api-references/cluster-authentication-service-reference-cas-2) (CAS) reference
* To simplify the tutorial, in the section below you can see an example of getting an Access Token.

### Acquiring an Access Token <a href="#acquiring-an-access-token" id="acquiring-an-access-token"></a>

{% tabs %}
{% tab title="cUrl(Bash)" %}

```bash
curl -iL --request GET --url https://YOUR_CAS_URL/stream/token/v2/ --header 'auth-api-key: API_KEY'   --header 'auth-api-secret: API_SECRET'
```

{% endtab %}
{% endtabs %}

The `Access Token` is a JWT token - more about jwt you can read - [here](https://en.wikipedia.org/wiki/JSON_Web_Token).

A successful response will look like that:

```
{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...."
}
```

{% hint style="info" %}
You can get your API\_KEY and API\_SECRET in your private area, [here](https://media.sceenic.co/).
{% endhint %}

{% hint style="warning" %}
**Note:** Every Streaming Token corresponds to one specific Session only. To allow two different clients to connect to the same Session, the clients need to use the same `Access Token`.
{% endhint %}

### Going to production

When moving from the Sandbox environment to production you will need to implement your own authentication server. \
This server will supply the various clients (Web, Android, and iOS) with a valid Access Token so that they can use the service.

For that you will need:

* API\_KEY, and API\_SECRET - can be retrieved in your private area once you [login ](https://media.sceenic.co/)
* Your own working authentication server - [Authentication overview](https://documentation.sceenic.co/watch-together-sdk/sscale-confluence-overview)