> ## Documentation Index
> Fetch the complete documentation index at: https://docs.medera.info/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart — Authentication

> Authenticate to the Medera API in 60 seconds.

Three credential paths cover every integration. Pick the one that matches your application.

## Option 1 — End-user (session JWT)

End-user sign-in uses your tenant's managed identity provider. After sign-in, the session JWT is automatically attached to every request the frontend makes.

<CodeGroup>
  ```typescript React theme={"system"}
  import { useAuth } from '@clerk/clerk-react'; function MyComponent { const { getToken } = useAuth; async function listPatients { const token = await getToken; const res = await fetch('https://api.medera.info/api/patients', { headers: { Authorization: `Bearer ${token}` }, }); return res.json; } } 
  ```

  ```typescript Next.js theme={"system"}
  import { auth } from '@clerk/nextjs/server'; export default async function Page { const { getToken } = await auth; const token = await getToken; const res = await fetch('https://api.medera.info/api/patients', { headers: { Authorization: `Bearer ${token}` }, }); return <pre>{JSON.stringify(await res.json, null, 2)}</pre>; } 
  ```
</CodeGroup>

## Option 2 — Server-to-server (Developer API Key)

For backend integrations and batch jobs, use a Developer API Key created in the Console under **Settings → Developer API Keys**.

<CodeGroup>
  ```bash theme={"system"}
  cURL curl https://api.medera.info/api/agent-workflows \ -H "X-API-Key: $MEDERA_API_KEY" 
  ```

  ```typescript JavaScript theme={"system"}
  import { MederaClient } from '@medera/sdk'; const client = new MederaClient({ apiKey: process.env.MEDERA_API_KEY!, }); const workflows = await client.workflows.list; 
  ```

  ```python Python theme={"system"}
  from medera import MederaClient import os client = MederaClient(api_key=os.environ["MEDERA_API_KEY"]) workflows = client.workflows.list 
  ```
</CodeGroup>

## Option 3 — Internal service-to-service

The AI Services (internal service) and backend (internal service) communicate using a tenant-scoped `X-Service-Key` header. This is for internal use; **do not expose to clients**.

## SDK token refresh

The SDKs automatically refresh tokens before expiration.

There is no need to track expiry manually.

<CodeGroup>
  ```typescript JavaScript theme={"system"}
  // Token is refreshed automatically const session = await client.sessions.get('ses_abc'); 
  ```

  ```python Python theme={"system"}
  # Token is refreshed automatically session = client.sessions.get('ses_abc') 
  ```
</CodeGroup>

***

## What's next

<CardGroup cols={2}>
  <Card title="Creating Clients" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/key.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=4ef54e51baa6c73498065cb90a8834ff" href="/authentication/creating-clients" width="40" height="40" data-path="icons/ui/key.svg">
    Generate your first API key.
  </Card>

  <Card title="Security Best Practices" icon="https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/shield-check.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=6909d120dcab3cdfef838294f042d00c" href="/authentication/security-best-practices" width="40" height="40" data-path="icons/ui/shield-check.svg">
    Five rules to follow.
  </Card>
</CardGroup>
