# Authentication

To use Lean Disposable API methods, you must always authenticate with:

- **Client authentication** using the SSL certificate provided by Namirial support portal
- **Basic authentication** using the credentials provided by Namirial support portal


Both are required for every request.

All requests must include the following header:


```
Content-Type: application/json
```

## Troubleshooting Authentication Issues

Common authentication errors and solutions:

| Error | HTTP Status | Solution |
|  --- | --- | --- |
| `11001` | No response (TLS handshake failure) | Client authentication failed. Verify that you are using the correct SSL certificate for the target environment. |
| `11002` | `500` | Basic authentication failed. Verify that you are using the correct credentials for the target environment. See the example below (basic authentication failed). |
| `11002` | `500` | The authenticated user is not authorized to call this method for the specified LRA. Contact Namirial support to verify your account permissions. See the example below (not authorized). |
| `15000` | `500` | On-behalf-of not valid. Verify the `on-behalf-of` header value or contact Namirial support. |


**Example basic authentication failed:**


```json
{
  "code": 11002,
  "message": "Wrong username or password"
}
```

**Example method not authorized:**


```json
{
  "code": 11002,
  "message": "Unauthorized user to call webmethod validateOtp"
}
```

## How to get API credentials

Submit a request through the Namirial support portal.