# Usage of the Access Token

Most commonly, this is done by adding an HTTP header:

`Authorization: Bearer <ACCESS_TOKEN>`

For example, using a placeholder user token (where `/api/GetConversations` is only accessible by users, thus requiring a user token):

```bash
curl -H "Authorization: Bearer AAABBBCCC111222333444..." \
     "https://demo.aicrisk.com/api/GetConversations"
```

or in python:

```python
import requests

ACCESS_TOKEN = "AABBCCDD...access token here"
response = requests.get(
    "https://demo.aicrisk.com/api/GetConversations",
    headers = {
        "Authorization": f"Bearer {ACCESS_TOKEN}", "Accept": "application/json"
    }
)
if response.status_code != 200:
    return f"Data Retrieved Invalid: {response.status_code} - {response.reason}", response.status_code
users = response.json() # data retrieved
```

The AIRisk API will verify the token (and the user context, if any) and then process the request if the token is valid and has the required permissions. If the token is expired or invalid, the API will return an HTTP 401 Unauthorized error (with a `status_code` (401) and `reason`).