# Authentication & Authorization

## Auth Overview

The Sway Charts REST API supports two auth methods:

* **Basic authentication** - the simplest authentication type, best suited to a simple B2C integration where security requirements are not high. It also consumes fewer resources on the server and client side.
* **HMAC authentication** - most suitable for large B2B integrations with high security demands. It provides a digital signature for each request that guarantees that the request hasn't been tampered with.

The Sway Charts REST API basic authentication should not be mistaken for standard HTTP Basic Authentication; these are different.

Due to the stateless nature of a REST API, there is no strict notion of a user "session". Each request may be treated as a separate session, especially with HMAC authentication, where there is no separate "login" phase. That's why the system treats user sessions differently depending on the authentication type:

* **Basic authentication** - the client is considered logged in from the moment the "login" request completes successfully until any of the following events occurs:
  * "Logout" is requested explicitly by the client or by the platform itself
  * More than a predefined timeout passes since the last request to the API
* **HMAC authentication** - the client is considered logged in from the moment of its first request until a predefined timeout passes since the last request.


