> ## Documentation Index
> Fetch the complete documentation index at: https://docs.apps.filed.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Login via API token

> Exchange an API key for an access token

```graphql theme={null}
mutation LoginViaPersonalApiToken($apiKey: String!) {
  loginViaPersonalApiToken(token: $apiKey) {
    accessToken
  }
}
```

## Arguments

<ParamField path="apiKey" type="String!" required>
  Your API key provided by Filed.
</ParamField>

## Returns

<ResponseField name="accessToken" type="String!">
  Bearer token for API authentication. Use this token in the `Authorization` header for all subsequent requests.

  Format: `Authorization: Bearer <accessToken>`

  All API requests, including the login request, should include a `source-platform` header with your platform identifier (e.g., `tax-firm-a`, `my-sample-platform`, `qount`). This header is used to uniquely identify API requests for analytical purposes and does not affect rate limits or any other API functionality.
</ResponseField>

<Note>
  For partner API keys, the access token provides access to **all workspaces** created by that partner. You can use the same access token to call APIs against any workspace you've created, allowing you to manage multiple tax firm customers from a single authenticated session.
</Note>

## Example

<RequestExample>
  ```bash cURL theme={null}
  curl -X POST https://gateway.filed.com/graphql \
    -H "Content-Type: application/json" \
    -H "source-platform: my-sample-platform" \
    -d '{
      "query": "mutation LoginViaPersonalApiToken($apiKey: String!) { loginViaPersonalApiToken(token: $apiKey) { accessToken } }",
      "variables": {
        "apiKey": "your-api-key-here"
      }
    }'
  ```
</RequestExample>

<ResponseExample>
  ```json theme={null}
  {
    "data": {
      "loginViaPersonalApiToken": {
        "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
      }
    }
  }
  ```
</ResponseExample>

<Tip>
  Store the `accessToken` securely and use it in the `Authorization` header for all subsequent requests. Access tokens are valid for a limited time; implement token refresh logic as needed. Remember to include the `source-platform` header in all API requests, including the login request.
</Tip>

## Troubleshooting

**Problem**: `loginViaPersonalApiToken` returns an error

**Solutions**:

* Verify your API key is correct and hasn't expired
* Check that you're using the correct GraphQL endpoint: `https://gateway.filed.com/graphql`
* Ensure your partner account is active
