Authentication is required to use the API. There are two types of authentication methods.
Either of the authentication methods can be used, but only one at a time.

 Authentication type
Type Contents Expiration

API Key Authentication

An authentication method that grants API usage based on a key.
A form of sharing a key within a group.

No Expiration

OAuth Authentication

An authentication method that grants API usage based on an Access Token issued using Client ID and Client Secret.
A form that uses an Access Token on a per-account basis.

One hour from being issued

Steps to use API Key Authentication:
1) Create a new API key on the API key authentication information creation screen of the portal site.

Select a group from "Group List" to display "Group Information" and click [Create] on "API Key Information" of "Authentication Information" tab of "Group Information".

API Keys
2) Specify an API key and then use the API for each service.

The API key is specified in the HTTP header as follows.
'X-Api-Key: <API Key> '

Note: Using Primary Key and Secondary Key

Although the expiration of API keys is infinite, you may need to regenerate the API keys that your application uses for security reasons (Key misuse, etc.). If only one API key is used, the application will fail authentication when the key is regenerated and processing will not continue. The application can then continue to execute the API by retrying with a valid key (Secondary keys, etc.).

Steps to use OAuth Authentication:
1) Create a new Client ID and Client Secret on the OAuth authentication information creation screen of the portal site.

Select a group from "Group List" to display "Group Information" and click [Create] on "OAuth Information" of "Authentication Information" tab of "Group Information".

OAuth Authentication
2) Issue an access token using the Client ID and Client Secret key.

Issue it using API Authentication API Reference.

 [How to issue an access token]

 (1) Click [Try it out] in the tokens (POST) API.

POST_tokens1

 (2) Enter the items enclosed in a red box and click [Execute].
   In the Request body, enter the Client ID and Client Secret you created in 1).

POST_tokens2

 (3) The "accessToken" is reported to the Response body.

POST_tokens3
3) Specify an Access Token and then use the API for each service.

The Access Token is specified in the HTTP header as follows.
'X-Access-Token: <Access Token> '

Note: How to update the Access Token Securely.

When an Access Token is issued, a Refresh Token is issued at the same time.
Before the access token expires, you can use Refresh Token instead of Client ID/Client Secret to reissue the Access Token using the tokens (PATCH) API in API Authentication API Reference.
However, the Refresh Token expires one day from when it is issued.