# OAuth Authentication

The Passolution Dataservice API uses OAuth 2.0 protocol, an industry-standard for authentication & authorization of third-party applications (eg: your app) to gain delegated access to API resources (eg: Entry Requirements provided by Passolution) on a user's (Passolution) behalf.

Our API (`api.passolution.eu`) requires OAuth Access Token to be sent as Bearer Token in HTTP `Authorization` header, ie:


```text
Authorization: Bearer <access-token>
```

Our Authorization Server (`web.passolution.eu`) implements OAuth 2.0 specification to facilitate acquisition of User's Access Token by third party applications (eg: your app). It authenticates Passolution users and then allows users to authorize third party applications (ie: your app) to access Passolution API on their behalf for providing services to them that rely on Passolution data.

**If you want to provide services to Passolution users, you will need to get your OAuth Client details as** [**described here**](/oauth/requesting-access-tokens).

## OAuth Benefits

- Third-party applications are not required to handle or store user credentials, which can be a security risk.
- Third-party applications gain delegated access, i.e., access only to resources authorized by user.
- Users can revoke an application's access anytime.
- OAuth 2.0 access tokens expire after a set period of time which reduces risk, eg: when old access tokens are leaked in a security breach. If an application faces a security breach, all its access tokens can be disabled at once (preventing unauthorized access) without affecting user's or other application's access.


## How OAuth 2.0 works?

![OAuth Process](https://api.passolution.eu/images/oauth_process.png)
Open Full Image