# Authentication flow

## Overview

Authenticating a user via Terra is the **first** and **most essential step** to begin receiving their health and fitness data from their wearable or fitness platform.

**User authentication** is the process by which your end-user connects their health data source (e.g., Fitbit, Garmin, Oura) to you via the Terra API. Once authenticated, Terra will start automatically pushing health data **events** from that user's account to your chosen data destination, with no polling or manual requests required.

{% hint style="success" %}

## **Prerequisites**

To connect a [User](https://app.gitbook.com/s/eJJpVMsUARUJq9lYmL6t/health-and-fitness-api/core-concepts#user), you need to have completed the following steps:

1. [**API Key & dev-id:**](https://dashboard.tryterra.co/) Obtain your **API Key** and **dev-id** from your Terra Dashboard.
2. [**Destination Configured:**](https://docs.tryterra.co/integration-setup#set-up-your-data-sources-and-destinations) Set up a Data Destination where Terra will send **events** and **data updates**.
3. [**Data Sources Activated:**](https://docs.tryterra.co/integration-setup#set-up-your-data-sources-and-destinations) Enable the data **sources** (e.g. Oura).
   {% endhint %}

***

## The Authentication Flow

The ideal authentication flow for your end-users:

* User clicks "Connect Device" in your mobile app or web app.
* Your frontend requests a widget URL from your backend.
* Your backend generates a widget URL by calling the `/auth/generateWidgetSession` endpoint.
* Your frontend redirects the user to the widget URL (or opens it in an in-app browser for mobile apps).
* User authenticates their data source.
* Widget redirects to your success/failure URL with the `user_id` and `reference_id`.

The health and fitness data of your end-users will be sent to your destination automatically thereafter!

You **don't need** to manage **auth tokens** or **refresh tokens**; we manage this on our end on your behalf.
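Because the final redirect in the flow above travels through the user's browser, the `user_id` and `reference_id` it carries should be checked on your backend before an account is linked. The following is an added example, not Terra's own code: it assumes your backend mints a random `reference_id` per connection attempt and passes it along when requesting the widget session (that request itself is not shown), and `ConnectionStore`, `PENDING_TTL` and the result strings are hypothetical names.

```python
import secrets
import time

PENDING_TTL = 900  # seconds a started connection stays valid (assumed value)


class ConnectionStore:
    """In-memory stand-in for a table keyed by reference_id (hypothetical)."""

    def __init__(self):
        self._rows = {}

    def start(self, account_id, now=None):
        """Backend step: mint the reference_id before requesting a widget URL."""
        reference_id = secrets.token_urlsafe(24)  # unguessable, server-generated
        self._rows[reference_id] = {
            "account_id": account_id,
            "created": time.time() if now is None else now,
            "user_id": None,
        }
        return reference_id

    def complete(self, session_account_id, params, now=None):
        """Redirect step: validate the query parameters before linking."""
        now = time.time() if now is None else now
        row = self._rows.get(params.get("reference_id", ""))
        if row is None:
            return "unknown_reference"  # never issued by this backend
        # The redirect must come back on the logged-in account that started it.
        if row["account_id"] != session_account_id:
            return "account_mismatch"
        if row["user_id"] is not None:
            return "already_linked"  # replayed redirect cannot overwrite the link
        if now - row["created"] > PENDING_TTL:
            return "expired"
        user_id = params.get("user_id", "")
        if not user_id:
            return "missing_user_id"
        row["user_id"] = user_id
        return "linked"

    def linked_user(self, reference_id):
        """Return the linked user_id for a reference_id, or None."""
        row = self._rows.get(reference_id)
        return row["user_id"] if row else None
```

The `user_id` accepted here is still browser-supplied, so it is worth confirming it against the events that arrive at your data destination for the same `reference_id`.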

***

## Test the Authentication

For internal demonstration purposes, if this is your first time authenticating a [User](https://app.gitbook.com/s/eJJpVMsUARUJq9lYmL6t/health-and-fitness-api/core-concepts#user), you may connect your own data source using the [Terra Dashboard](https://dashboard.tryterra.co/) as shown below.

Your end-users won't use this pathway to connect their wearables; to connect live users you need to use the API. However, this will help you understand the auth flow without making any API calls yourself!

{% @supademo/embed demoId="clzvfyvwy08lmo0qpw5yadcf8" url="<https://app.supademo.com/demo/clzvfyvwy08lmo0qpw5yadcf8>" %}
