# Authentication Types The TEOS API supports two authentication scenarios. Depending on your application setup, you can use API Key or User Access Token. #### Option 1: API Key Use this option if your system already has its own backend and authentication for end users. Characteristics: * Self-sufficient system with a server-side component. * The backend communicates directly with TEOS API. * End users are authenticated by your system. * Operations in TEOS API are executed on behalf of a registered administrator in TEOS Platform. * One or several administrators are registered to configure and maintain TEOS API processes. * API Key is generated for the administrator.

#### Option 2: User Access Token Use this option if your application does not have its own backend or authentication system. Characteristics: * Client application without server-side authentication. * WLA-based application. * TEOS Authentication service is used to authenticate end users. * User account data is stored in TEOS Authentication service. * Integration with TEOS Authentication service is required to use TEOS API flows.

#### Quick Comparison | **Feature / Setup** | **API Key** | **User Access Token** | | --------------------------------------- | --------------------------------------- | ----------------------------------- | | **Backend required** | Yes | No | | **Who authenticates end users?** | Your system | TEOS Authentication service | | **Who is registered in TEOS Platform?** | Administrator(s) | End users (via TEOS Authentication) | | **Storage of user account data** | Your system | TEOS Authentication service | | **When to use** | Full backend with custom authentication | WLA-based applications |