---
title: Authentication
description: "How external systems authenticate with Laravel Sanctum."
---

The external Review Manager API uses Laravel Sanctum bearer tokens.

Send the token in the `Authorization` header:

```bash
curl https://review-manager.test/api/projects/1 \
  -H "Accept: application/json" \
  -H "Authorization: Bearer $REVIEW_MANAGER_TOKEN"
```

## Required Headers

| Header | Value |
| --- | --- |
| `Accept` | `application/json` |
| `Authorization` | `Bearer <sanctum-token>` |

## Authentication Failures

Requests without a valid Sanctum token return `401 Unauthorized`.

<Warning>
The API docs do not expose a token creation endpoint. Create and rotate Sanctum tokens through the approved internal operational process for this installation.
</Warning>