> ## Documentation Index
> Fetch the complete documentation index at: https://docs.typeauth.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn TypeAuth's authentication system. Explore token management, rate limiting, and access control features to secure your API endpoints effectively.

Authentication Profiles
Authentication profiles are central to TypeAuth's security model, defining how applications and their tokens handle authentication, rate limiting, and access control. These profiles act as reusable configuration templates that can be attached to multiple applications, ensuring consistent security policies across your API ecosystem.
Key Benefits

Centralized Security: Define authentication rules once, apply everywhere
Flexible Configuration: Support for both JWT and opaque tokens
Rate Control: Fine-grained request rate limiting and token replenishment
Token Management: Customizable token generation and expiration
Policy Inheritance: All tokens inherit their application's profile settings

Use Cases

API Products

Different tiers (Basic, Pro, Enterprise)
Usage-based pricing
Feature access control

Internal Services

Service-to-service authentication
Department-specific access limits
Development vs. Production settings

Customer APIs

Client credential management
Usage quotas
Customer-specific rate limits

## Configuration Properties

## Creating Profiles

```http theme={null}
POST /{account_id}/authentication/create
Content-Type: application/json

{
  "name": "basic-api-access",
  "keyType": "token",
  "ratelimit": {
    "requests": 1000,
    "window": 3600
  },
  "refill": {
    "tokens": 1000,
    "interval": 3600
  },
  "byteLength": 32,
  "prefix": "ta_"
}
```

## Example Configurations

### Basic API Access

```json theme={null}
{
  "name": "basic-api",
  "keyType": "token",
  "ratelimit": {
    "requests": 100,
    "window": 60
  },
  "byteLength": 32
}
```

### Enterprise Usage

```json theme={null}
{
  "name": "enterprise",
  "keyType": "token",
  "ratelimit": {
    "requests": 10000,
    "window": 3600
  },
  "refill": {
    "tokens": 10000,
    "interval": 3600
  },
  "byteLength": 64,
  "prefix": "ta_ent_"
}
```

### JWT Authentication

```json theme={null}
{
  "name": "jwt-auth",
  "keyType": "jwt",
  "jwt_id": "jwt_config_123",
  "ratelimit": {
    "requests": 5000,
    "window": 3600
  }
}
```

## Profile Inheritance

When an authentication profile is attached to an application:

1. All tokens inherit profile settings
2. Rate limits apply per token
3. Refill schedules operate independently
4. Expiration applies to new tokens

## Limitations

* Rate limit window: 1-86400 seconds
* Refill interval: 1-86400 seconds
* Token length: 16-128 bytes
* Prefix length: 50 characters max
* Maximum requests: 1000000 per window

## Best Practices

1. **Rate Limiting**
   * Set appropriate limits for use case
   * Configure refill for continuous usage
   * Consider burst traffic patterns

2. **Token Configuration**
   * Use minimum 32 bytes for security
   * Add descriptive prefixes
   * Set reasonable expiration

3. **Profile Management**
   * Create profiles per usage tier
   * Document profile purposes
   * Regular review and updates
