# Data API Authentication SingleStore's Data API uses Basic and Bearer Authentication standards. You can also use JWTs for password-less access to the database with Bearer Authentication. To authenticate via JWTs, specify the JWT in the Bearer Authorization header. For successful authentication, the JWT must be signed using a key listed in the JWKS that is fetched from the `jwks_endpoint` in the engine. See [Authenticate via JWT](https://docs.singlestore.com/db/v9.1/security/authentication/authenticate-via-jwt.md) for more information. To enable JWT-based authentication on SingleStore, * [Configure the JWKS](https://docs.singlestore.com/db/v9.1/security/authentication/authenticate-via-jwt/#section-idm4592226252089633070902698635.md) endpoint. Set the `jwks_endpoint` variable on the database server. * Make a HTTP request to the `/api/v2/jwks_setup` endpoint using the `POST` method. A user agent can authenticate with the server by sending its credentials in an Authorization request header. The Authorization header contains the authentication method (Basic or Bearer) followed by a space and then the authentication information constructed from a Base-64 encoded string `username:password|JWT`. ```HTTP Header Authorization: [Basic | Bearer] ``` For example, the Basic Authorization header for the username `demo` and password `Afu4XjzB1ns` appears as follows, where `ZGVtbzpBZnU0WGp6QjFucw==` is the Base-64 encoding of the `demo:Afu4XjzB1ns` string. ```HTTP Header Authorization: Basic ZGVtbzpBZnU0WGp6QjFucw== ``` If the server requires the user agent to authenticate itself after receiving an unauthenticated request, it will respond with a *401 Unauthorized* status and the *WWW-Authenticate* header. > **⚠️ Warning**: As the Basic and Bearer Authentication methods transfer the username and password (or JWTs) over the network in clear text, it must be used in conjunction with HTTPS/SSL for added security. The production usage of SingleStore's Data API should only take place with SSL (HTTPS) enabled to ensure that the authentication information is secure. *** Modified at: September 16, 2025 Source: [/db/v9.1/reference/data-api/data-api-authentication/](https://docs.singlestore.com/db/v9.1/reference/data-api/data-api-authentication/) (An index of the documentation is available at /llms.txt)