# Authentication

There are three authentication mechanisms for access the Whisk Graph API. They all require registering an application on the Whisk Platform first. You can do this by [contacting us](https://whisk.com/business/contact/).

## Server Token

A server token can be used to access data that does not require a Whisk user context.

**Issued Server Token plays the role of ApiKey and needs to be stored securely. It should be used only from servers (not browsers or devices)**

Server Token allows you to use a range of Whisk APIs in a read-only manner (e.g. Feed, Search). In addition to that, it will allow using APIs to manage Application configuration.

## User Access Token

A user access token is required when a Whisk user context is necessary and is generated using the OAuth 2.0 flow. It allows you to access the following APIs:

| METHOD | ENDPOINT | DESCRIPTION |
| ------ | -------- | ----------- |
| GET    | `/v1/me` | User Info   |

## Client Token

The client token is an identifier that you can embed into native mobile binaries or desktop apps to identify your app. The client token isn't meant to be a secret identifier because it's embedded in apps. The client token is used to access a limited subset of Whisk APIs.