# API Reference Overview

## Authentication

Authentication is performed using the API key from a parent project in your [Sinch Build Dashboard](https://dashboard.sinch.com/settings/access-keys). You can use an existing key or create a new one.

We use OAuth 2.0 to create a bearer token. The bearer token can be used to make calls to the Subprojects API.

Note:
There may be *up to a 30 second delay* between subproject creation and use with a parent project.

### Exchange credentials for an access token

Exchange your **Key ID** and **Key Secret** [found in the Sinch Build Dashboard](https://dashboard.sinch.com/settings/access-keys) for a bearer token (also known as the `access_token`).

```curl
curl https://auth.sinch.com/oauth2/token -d grant_type=client_credentials --user YOUR_Key_ID:YOUR_Key_Secret
```

Your `access_token` will be included in a successful response. The access token can be used as the bearer token in each call to the Subprojects API. For example:

```curl
curl https://subproject.api.sinch.com/v1alpha1/projects/YOUR_parent_project_ID/subprojects 
-H "Authorization: Bearer YOUR_access_token"
```

The bearer token is valid for one hour.

### Basic Authentication

Basic authentication is also an option with the Subprojects API by using a [key ID and key secret](https://dashboard.sinch.com/settings/access-keys) to authenticate requests. You can view and manage your API keys [here](https://dashboard.sinch.com/settings/access-keys).

**Note:** Basic authentication should only be used for testing or prototyping. For production environments, we recommend using access tokens.

Authentication to the API is performed via [HTTP Basic Auth](http://en.wikipedia.org/wiki/Basic_access_authentication). Use your key ID as the basic auth username and your key secret as the password.

```shell
 --url 'https://subproject.api.sinch.com/v1alpha1/projects/${parentProjectId}/subprojects' \
 --header 'Accept: application/json' \
 -u YOUR_Key_ID:YOUR_Key_secret
```

## Server URL

The server URL is `subproject.api.sinch.com`.

## JSON

JSON (`application/json`) is the content type of both requests and responses if not otherwise specified.

Requests with invalid JSON will be rejected.

## Status codes

A summary of status codes can be found on the [error codes page](/docs/subproject/api-reference/status-codes).

## New features

New features might result in additional request and response parameters. New request parameters will either have a default value or be considered optional to retain backwards compatibility.