# Authentication with Personal Access Token

{% hint style="info" %}
**Note:** This feature works differently in sipgate neo, so this article does not apply.
{% endhint %}

To authenticate with the sipgate REST API, you can use personal access tokens. In the long term, these will replace the basic auth procedure, so if you are just getting started with sipgate.io, personal access tokens are the way to go.

Instead of the usual username and password combination (basic auth), they authenticate with a unique combination of token ID and token.

Compared to basic auth, personal access tokens are more secure:

* Scopes give you finer control over authorizations
* Scopes let you limit certain tokens to certain areas of the account
* You can easily delete compromised tokens
* No need to send username and password over the network
* If you have enabled 2-factor authentication, it also protects token generation

**Note:** You can create, manage and delete your personal access tokens in your [account](https://app.sipgate.com/personal-access-token).

**Note:** When assigning scopes (authorizations), assign only the scopes that your application requires. Granting unnecessary access is a security risk.

Examples of how you can use a personal access token to authenticate with the API can be found in our [documentation](https://www.sipgate.io/rest-api/authentication?_ga=2.140987957.680607813.1617031324-1129035176.1569228376#personalAccessToken).
