> ## Documentation Index
> Fetch the complete documentation index at: https://docs.embedreach.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

> Welcome to the Reach API

## OpenAPI Specification

Download our OpenAPI specification to import into Postman or other API tools:

<CardGroup cols={2}>
  <Card title="Download OpenAPI JSON" icon="file-code" href="/api-reference/openapi.json">
    Download the complete OpenAPI 3.0 specification file
  </Card>
</CardGroup>

## Authentication

API endpoints are authenticated using JWT tokens. Include your signed JWT token in the Authorization header of your requests:

```json theme={null}
{
  "Authorization": "Bearer <your_signed_jwt_token>"
}
```

<Note>
  To obtain a JWT secret, please reach out to the Reach team at [support@embedreach.com](mailto:support@embedreach.com)
</Note>

### API Route Patterns

Our API uses two route patterns with different authentication requirements:

#### Partner Routes (`/partner/*`)

APIs which begin with `/partner` use **partner-scoped JWT tokens** and are used for actions which apply to the partner as a whole. These routes manage partner-level resources and configurations.

#### Tenant Routes (`/api/*`)

APIs which begin with `/api/` are **tenant-scoped**. They can use either:

* A **tenant-scoped JWT token** (the tenant is identified from the `tenantExternalId` field in the JWT, so no header is needed), OR
* A **partner-scoped JWT token** with the `reach-tenant-id` header set (required), which allows you to take action on the specific tenant

When using a partner-scoped JWT with tenant routes, you must include the tenant ID header:

```json theme={null}
{
  "Authorization": "Bearer <your_partner_scoped_jwt_token>",
  "reach-tenant-id": "<tenant_id>"
}
```

### JWT Token Types

We have two types of JWT tokens:

#### Tenant Scoped JWT

This is a JWT token that contains the tenant's external ID (`tenantExternalId`) and is signed with your partner secret. This can be used to send to your Frontend client in order to allow them to make requests that only have access to that tenant.

#### Partner Scoped JWT

This is a JWT token that contains your partner ID and is signed with your partner secret. This can be used to make requests to partner-level API endpoints or tenant-level endpoints when combined with the `reach-tenant-id` header.

Learn more about [our JWT tokens](/embeddable-ui/authentication#jwt-token-requirements)