# Authentication

The CloudIO REST API supports authentication with a username and password, with a key and secret, or with OAuth 2.0, an open protocol that allows secure API authorization.

## JSON

Both the request and response payloads are in JavaScript Object Notation (JSON) format with UTF-8 encoding. Date-time information is in ISO 8601 format. For example, `2012-08-30T02:56:20.000-0700`.

## Understanding authentication

CloudIO uses the OAuth protocol to allow the users of the application to securely access data without having to reveal their username and password credentials. For a simple integration, CloudIO supports username and password, or a key and secret option. Before making REST API calls, the client application must authenticate the application user using one of these methods. After successfully authenticating the client application user with CloudIO, the client receives a *sessionId* token, which is used to make authenticated REST API calls.

To generate a token and secret key, sign in to the CloudIO Platform and navigate to /api/keys through the browser.

The client application stores the *sessionId* attribute from the response and passes it in all subsequent authenticated REST API calls. The *sessionId* expires if the client application is inactive for longer than the number of minutes specified in the *sessionTimeout* attribute. You can set the *sessionTimeout* for the REST client user using the default session timeout CloudIO profile at the user level.

{% hint style="success" %}
**Note:** The client application will have access to the datasources that are assigned to the roles accessible to the connected user.
{% endhint %}

## Checking the validity of an existing session

The *sessionId* passed in every REST API request must be valid and active. You can use the *validateSession* API to validate a given *sessionId* before making the actual REST API request.
