# How it works

To access the InEvent API, you'll need an access token. How you get this token depends on if your app is for your own usage or for the public's usage.

Generate an **Access Token** if you're using the API to access data in your own InEvent workspace.\
Use OAuth if you're building a publicly-available app that accesses other people's InEvent data (in construction).

To access endpoints that require authentication you must send the `tokenID` **query parameter** in your API call, like the example below:

```sh
curl -X GET "https://api.inevent.com/?action=api.describe&tokenID=YOUR_TOKEN_HERE"
```

Every time you see a `tokenID` parameter, it means the endpoint requires authentication and that you must use your encrypted **Access Token** as value for that parameter. Also, every token has a *scope* and we have a couple of different *scopes* you can use, and for a given *scope*, you may have different *permission levels* for that **Access Token**.