Set up authentication to make API calls to Virgil ServicesThis guide shows how to set up authentication using Access Token.In order to make call to Virgil Services (for example, to publish user's Card on Virgil Cards Service), you need to have a Access Token. You have to generate for each Application an Access Token on Virgil Dashboard.Prerequisites for workInstall SDK and Setup Virgil CryptoThe Virgil Java SDK is provided as a package named com.virgilsecurity.sdk. The package is distributed via Maven repository.The package is available for:Java 7 and newerAndroid API 16 and newerPrerequisites:Java Development Kit (JDK) 7+Maven 3+Installing the package:You can easily add SDK dependency to your project, just follow the examples below (Maven): com.virgilsecurity.sdk crypto 4.3.3 com.virgilsecurity.sdk sdk 4.3.3 Collect your Virgil developer credentialsParameterDescriptionAPP_IDID of your Application at Virgil DashboardAPP_KEYA Private Key that is used to sign users' Cards. For security, you will only be shown the App Private Key when the key is created. Don't forget to save it in a secure location for the next stepAPP_KEY_PASSWORDA password to your APP KEY ACCESS_TOKENAn unique string that is used to authorize requests on Virgil Services.You generate an Access Token on developer dashboard and then provide the Token to a user. With the Token, the user can then safely communicate with the Virgil Services.The user first signs into your Application server using the authentication server’s login system (e.g. username and password, Facebook login, Google login, etc). The Application server then sends Token to the user. When the user makes API calls to the Virgil Cards Service, the user passes the Token along with the API call. The Cards Service is configured to verify that the incoming Token is given by the Application server. So, when the user makes API calls with the attached Access Token, Virgil can use the Token to verify that the API call is coming from an authenticated user.Each Access Token is granted access to specific Application and has permissions that are configured by you.Let's see how we can set up authentication:first, we'll set up a client sidesecond, we'll set up a server side with your Virgil account credentialsSet up Client sideWhen users want to start sending and receiving messages in a browser or mobile device, Virgil can't trust them right away. Clients have to be provided with a unique identity, thus, you'll need to give your users the Access Token that tells Virgil who they are and what they can do.Each your client must send to you the Access Token request with their registration request. Then, your service that will be responsible for handling access requests must handle them in case of users successful registration on your Application server.here an example of an Access Token// an example of an Access Token representation AT.7652ee415726a1f43c7206e4b4bc67ac935b53781f5b43a92540e8aae5381b14Use an Access TokenWith the Access Token we can initialize the Virgil SDK on the client-side to start doing fun stuff like sending and receiving messages.To initialize the Virgil SDK on a client-side you need to use the following code:VirgilApi virgil = new VirgilApiImpl("[YOUR_ACCESS_TOKEN_HERE]");Requests to your app server must be authorized. You can use any kind of authentication, for example, Google auth.Set up Server SideNext, you'll set up server-side SDK to sign and approve user's Card.Here is an example of how to setup server side with an Access Token:Crypto crypto = new VirgilCrypto(); VirgilClientContext ctx = new VirgilClientContext(APP_TOKEN); VirgilClient client = new VirgilClient(ctx); RequestSigner requestSigner = new RequestSigner(crypto); // Import application private key PrivateKey appKey = crypto.importPrivateKey(APP_PRIVATE_KEY.getBytes(), APP_PRIVATE_KEY_PASSWORD);It is important to understand that the purpose of using Token is NOT to hide or obscure data in any way. The reason why Token is used is to prove that the sent data was actually created by an authentic source.