# Authorization for Online SDKs

The online SDKs function by communicating with the SenseCrypt server using an end-to-end encrypted protocol.

There are two methods available for authorization:

1. **Mobile API Key** - Configured in the app source code constants, this is the easiest method during development. Correspondingly, the mobile key is configured on the server as we saw in the server's [Configuration](https://docs.sensecrypt.com/sensecrypt-v3.1.1/sensecrypt-server/configuration) section.
2. **JWT Token** - A JWT token mechanism allows you to use your own authorization mechanism. To use a device-specific JWT, follow these steps:
   1. Get the device ID by calling `getDeviceId()` from the mobile SDK.
   2. Pass the device ID along with authentication parameters (such as username/password) to your own application server.
   3. If authentication succeeds, make a server-to-server call from your application server to your SenseCrypt server's `/gen-jwt` endpoint, passing in the device ID as the `instance_id`. See the [Using a JWT Token for Authorization](https://docs.sensecrypt.com/sensecrypt-v3.1.1/sensecrypt-server/using-a-jwt-token-for-mobile-authorization) section for more details. The server-to-server call can be authorized using the `api_key` that you defined in the [Configuration](https://docs.sensecrypt.com/sensecrypt-v3.1.1/sensecrypt-server/configuration) section.
   4. Return the generated JWT token to the mobile device.
   5. Store the JWT token on the device for future use.
   6. When initializing the mobile SDK, pass the server URL along with `Bearer your_jwt_token` as the authentication parameter.

By default, the source code uses the Mobile API Key configured in the code constants. Since a JWT flow involves your own authentication, implementing such a flow is left to you. However, the mobile SDKs do support such a flow out of the box should you choose to implement it.
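
The application-server side of steps 2 to 4, as an added example that is not SenseCrypt's code. The HTTP method, the `x-api-key` header name, the JSON body, the `token` response field, the device-ID pattern, the host name and the user store are all assumptions; take the real request format from the linked JWT section.

```python
import hashlib
import hmac
import json
import re

# Assumptions, not taken from the SenseCrypt docs: host, header name,
# JSON request body, "token" response field, device-ID pattern.
SENSECRYPT_URL = "https://sensecrypt.internal.example"  # placeholder host
API_KEY_HEADER = "x-api-key"
DEVICE_ID_RE = re.compile(r"[A-Za-z0-9_-]{8,128}")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store: username -> (salt, password hash).
USERS = {"alice": (b"constructed-salt", _hash("correct horse", b"constructed-salt"))}

def authenticate(username, password):
    """Step 2: your own credential check, compared in constant time."""
    salt, expected = USERS.get(username, (b"unknown-user", b""))
    return hmac.compare_digest(_hash(password, salt), expected)

def build_gen_jwt_request(device_id, api_key):
    """Step 3: the api_key is used only on this server-to-server call."""
    return {
        "method": "POST",
        "url": SENSECRYPT_URL + "/gen-jwt",
        "headers": {API_KEY_HEADER: api_key, "Content-Type": "application/json"},
        "body": json.dumps({"instance_id": device_id}),
    }

def issue_device_jwt(username, password, device_id, api_key, send):
    """Steps 2-4. `send` is an injected transport: request dict -> parsed JSON."""
    if not isinstance(device_id, str) or not DEVICE_ID_RE.fullmatch(device_id):
        return 400, {"error": "invalid device id"}
    if not authenticate(username, password):
        return 401, {"error": "authentication failed"}  # /gen-jwt is never called
    reply = send(build_gen_jwt_request(device_id, api_key))
    token = reply.get("token")
    if not token:
        return 502, {"error": "token generation failed"}
    # Step 4: only the JWT goes back to the device, in the step-6 format.
    return 200, {"authorization": "Bearer " + token}

if __name__ == "__main__":
    stub = lambda request: {"token": "constructed.jwt.value"}  # stands in for SenseCrypt
    print(issue_device_jwt("alice", "correct horse", "device-12345678", "server-key", stub))
```

Unlike the Mobile API Key method, the `api_key` here stays on your application server and the device only ever receives the JWT.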
