# Authentication Introduction

The BoldSign API requires authentication for all endpoints. Both an OAuth2 bearer token and an API Key are accepted by the API endpoints.

You must have a BoldSign subscription before you can authenticate to the API. All plans, including the free plan, provide access to the sandbox API.

All API requests must be made using `HTTPS`. Any requests made through plain HTTP will result in failure. Similarly, API requests that do not include authentication will also fail.

## Scopes

In the BoldSign API, certain endpoints require one or more scopes or permissions to be accessed.

{% nestedtable %}

- {% arguments name="BoldSign.Documents.All" /%}
- Used to grant full control over the document resources.

---

- {% arguments name="BoldSign.Documents.Write" /%}
- Used to provide only the write document permission, such as remind, change access, and more.

---

- {% arguments name="BoldSign.Documents.Delete" /%}
- Used to grant only the delete document permission, such as delete document.

---

- {% arguments name="BoldSign.Documents.Create" /%}
- Used to grant only the create document permission, such as send, embedded request.

---

- {% arguments name="BoldSign.Templates.All" /%}
- Used to grant full control to the template resources.

---

- {% arguments name="BoldSign.Templates.Read" /%}
- Used to grant only the read template permission, such as a list.

---

- {% arguments name="BoldSign.Templates.Write" /%}
- Used to grant only the write template permission.

---

- {% arguments name="BoldSign.Templates.Delete" /%}
- Used to grant only the delete template permission for deleting the template.

---

- {% arguments name="BoldSign.Templates.Create" /%}
- Used to grant only the create template permission, such as create and embedded create.

---

- {% arguments name="BoldSign.Users.All" /%}
- Used to provide complete control over the user resources.

---

- {% arguments name="BoldSign.Users.Read" /%}
- Used to grant only the read user permission, such as list, get, etc.

---

- {% arguments name="BoldSign.Users.Write" /%}
- Used to grant only the write user permission, such as update, resend, etc.

---

- {% arguments name="BoldSign.Teams.All" /%}
- Used to provide complete control over the team resources.

---

- {% arguments name="BoldSign.Teams.Read" /%}
- Used to grant only the read team permission, such as list, get, etc.

---

- {% arguments name="BoldSign.Teams.Write" /%}
- Used to grant only the write team permission, such as update.

---

- {% arguments name="BoldSign.SenderIdentity.All" /%}
- Used to grant full control to the sender identity resources.

---

- {% arguments name="BoldSign.SenderIdentity.Create" /%}
- Used to grant only the sender identity create permission.

---

- {% arguments name="BoldSign.SenderIdentity.Read" /%}
- Used to grant only the read sender identity permission, such as a list.

---

- {% arguments name="BoldSign.SenderIdentity.write" /%}
- Used to grant only the write sender identity permission, such as update, resend, etc.

---

- {% arguments name="BoldSign.SenderIdentity.Delete" /%}
- Used to grant only the delete sender identity permission to delete the sender identities.

---

- {% arguments name="offline_access" /%}
- Used to request a refresh token (supported only in the authorization code flow).

{% /nestedtable %}
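
The scope table above supports a least-privilege check on what an integration requests. The following Python is an added example, not part of the BoldSign documentation or SDK: it compares a space-delimited OAuth2 scope request with the scopes an application actually needs. The function names are hypothetical, and it assumes that a `<Resource>.All` scope covers every narrower scope of the same resource.

```python
# Added example: audit a requested OAuth2 scope string for least privilege.
# Scope names are copied from the table above, spelled exactly as listed there.
KNOWN_SCOPES = {
    "BoldSign.Documents": {"All", "Write", "Delete", "Create"},
    "BoldSign.Templates": {"All", "Read", "Write", "Delete", "Create"},
    "BoldSign.Users": {"All", "Read", "Write"},
    "BoldSign.Teams": {"All", "Read", "Write"},
    "BoldSign.SenderIdentity": {"All", "Create", "Read", "write", "Delete"},
}
OFFLINE = "offline_access"  # requests a refresh token (authorization code flow)


def is_known(scope):
    """True if the scope appears in the table (exact, case-sensitive match)."""
    resource, _, action = scope.rpartition(".")
    return scope == OFFLINE or action in KNOWN_SCOPES.get(resource, ())


def covers(granted, scope):
    """Assumption: '<Resource>.All' covers every narrower scope of that resource."""
    resource = scope.rpartition(".")[0]
    return scope in granted or f"{resource}.All" in granted


def audit_scopes(requested, needed):
    """Compare a space-delimited scope request with the scopes the app needs."""
    granted, needed = set(requested.split()), set(needed)
    report = {
        "unknown": sorted(s for s in granted | needed if not is_known(s)),
        "missing": sorted(s for s in needed if not covers(granted, s)),
        "excess": [],      # requested but not needed at all
        "narrow_to": {},   # '.All' scope -> the narrower scopes actually needed
    }
    for scope in sorted(granted - needed):
        if not is_known(scope):
            continue
        resource, _, action = scope.rpartition(".")
        used = sorted(n for n in needed if n.rpartition(".")[0] == resource)
        if action == "All" and used:
            report["narrow_to"][scope] = used
        else:
            report["excess"].append(scope)
    return report


if __name__ == "__main__":
    # Constructed request: what a client asks for vs. what it actually uses.
    asked = "BoldSign.Documents.All BoldSign.Users.All offline_access"
    print(audit_scopes(asked, ["BoldSign.Documents.Create"]))
```

An `offline_access` entry under `excess` means the client is asking for a refresh token it does not need.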

## Sandbox vs Live

{% nestedtable %}

- The sandbox environment permits a maximum of 50 API requests per hour.
- The live environment offers a higher limit of 2000 API requests per hour.

---

- The document created using the sandbox environment will be automatically deleted after 14 days.
- The documents created using live environments are never deleted automatically.

---

- The generated PDFs will have test watermarks that are not legally valid.
- The generated PDFs will have no watermarks, and they are legally valid.

{% /nestedtable %}
