---
title: Authenticate over REST
description: Advanced Identity Cloud provides the /json/authenticate endpoint for authentication, and the /json/sessions endpoint for managing sessions and logging out.
component: pingoneaic
page_id: pingoneaic:am-authentication:authn-rest
canonical_url: https://docs.pingidentity.com/pingoneaic/am-authentication/authn-rest.html
keywords: ["Authentication", "REST API"]
page_aliases: ["authentication-guide:authn-rest.adoc"]
---

# Authenticate over REST

Advanced Identity Cloud provides the `/json/authenticate` endpoint for authentication, and the `/json/sessions` endpoint for managing sessions and logging out.

The following table summarizes authentication operations you can perform using REST:

| Task                                                                                                                                                                                                                                                                                                                            | Resources                                                                                 |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| **Authenticate to Advanced Identity Cloud**Authenticating to Advanced Identity Cloud means logging in to a specific realm and receiving a session token from Advanced Identity Cloud. Add parameters to the authentication request to provide Advanced Identity Cloud with more information about how you want to authenticate. | [Log in over REST](login-using-rest.html)                                                 |
| **Use the session token**Advanced Identity Cloud returns a session token when you authenticate to a realm. Use this token in subsequent calls to Advanced Identity Cloud. For example, when using REST calls to create, modify, or delete configuration objects.                                                                | [Session tokens after authentication](rest-using-ssotokens.html)                          |
| **Log out of Advanced Identity Cloud**Log out users by sending a `logout` action to the `/json/sessions` endpoint.                                                                                                                                                                                                              | [Log out over REST](logout-using-rest.html)                                               |
| **Invalidate sessions**Invalidate specific sessions, or invalidate all sessions for a user to ensure they are logged out of Advanced Identity Cloud.                                                                                                                                                                            | [Invalidate sessions](../am-sessions/managing-sessions-REST.html#rest-api-session-logout) |
| **Return callback information**The `/json/authenticate` endpoint supports callback mechanisms to return and request information.                                                                                                                                                                                                | [Return callback information](callbacks-supported.html)                                   |