# API Reference Overview ## Authentication Authentication is performed using the API key from a parent project in your [Sinch Build Dashboard](https://dashboard.sinch.com/settings/access-keys). You can use an existing key or create a new one. We use OAuth 2.0 to create a bearer token. The bearer token can be used to make calls to the Subprojects API. Note: There may be *up to a 30 second delay* between subproject creation and use with a parent project. ### Exchange credentials for an access token Exchange your **Key ID** and **Key Secret** [found in the Sinch Build Dashboard](https://dashboard.sinch.com/settings/access-keys) for a bearer token (also known as the `access_token`). ```curl curl https://auth.sinch.com/oauth2/token -d grant_type=client_credentials --user YOUR_Key_ID:YOUR_Key_Secret ``` Your `access_token` will be included in a successful response. The access token can be used as the bearer token in each call to the Subprojects API. For example: ```curl curl https://subproject.api.sinch.com/v1alpha1/projects/YOUR_parent_project_ID/subprojects -H "Authorization: Bearer YOUR_access_token" ``` The bearer token is valid for one hour. ### Basic Authentication Basic authentication is also an option with the Subprojects API by using a [key ID and key secret](https://dashboard.sinch.com/settings/access-keys) to authenticate requests. You can view and manage your API keys [here](https://dashboard.sinch.com/settings/access-keys). **Note:** Basic authentication should only be used for testing or prototyping. For production environments, we recommend using access tokens. Authentication to the API is performed via [HTTP Basic Auth](http://en.wikipedia.org/wiki/Basic_access_authentication). Use your key ID as the basic auth username and your key secret as the password. ```shell --url 'https://subproject.api.sinch.com/v1alpha1/projects/${parentProjectId}/subprojects' \ --header 'Accept: application/json' \ -u YOUR_Key_ID:YOUR_Key_secret ``` ## Server URL The server URL is `subproject.api.sinch.com`. ## JSON JSON (`application/json`) is the content type of both requests and responses if not otherwise specified. Requests with invalid JSON will be rejected. ## Status codes A summary of status codes can be found on the [error codes page](/docs/subproject/api-reference/status-codes). ## New features New features might result in additional request and response parameters. New request parameters will either have a default value or be considered optional to retain backwards compatibility.