---
title: Authentication
description: Learn how to authenticate with NoLag using access tokens and API keys.
---

# Authentication

NoLag uses access tokens to authenticate clients. Learn how to obtain and use tokens securely.

## Access Tokens

Access tokens are used to authenticate your clients with NoLag. Each token is associated with an Actor (user, device, or server) and determines what topics they can access.

### Obtaining Tokens

1. Log in to the [NoLag Dashboard](https://portal.nolag.app)
2. Navigate to your project
3. Go to **Actors** section
4. Create a new Actor or select an existing one
5. Copy the access token (shown only once on creation)

## Using Access Tokens

```typescript [TypeScript]
import { NoLag } from '@nolag/js-sdk'

// Using an access token
const client = NoLag('your_access_token')
await client.connect()

console.log('Authenticated and connected!')
```
```python [Python]
from nolag import NoLag

# Using an access token
client = NoLag('your_access_token')
await client.connect()

print('Authenticated and connected!')
```
```go [Go]
package main

import (
    "fmt"

    nolag "github.com/NoLagApp/nolag-go"
)

func main() {
    // Using an access token
    client := nolag.New("your_access_token")
    client.Connect()

    fmt.Println("Authenticated and connected!")
}
```

## Token Types

### Actor Types

- **Device** - For IoT devices, browsers, mobile apps
- **User** - For authenticated end users
- **Server** - For backend services with elevated permissions

## Security Best Practices

- **Never expose tokens in client-side code** - Use environment variables or secure token exchange
- **Rotate tokens regularly** - Especially for production environments
- **Use least privilege** - Only grant necessary permissions to each Actor
- **Monitor usage** - Check the dashboard for unusual activity

## Next Steps

- [Quick Start Guide](/docs/getting-started)
- [Access Control Lists](/docs/concepts/acl)
