> ## Documentation Index
> Fetch the complete documentation index at: https://docs.api.nkama.ga/llms.txt
> Use this file to discover all available pages before exploring further.

# Get started

> From zero to your first authenticated request.

You need three things to call the API: an **account**, an **access token**, and the
**base URL**. This page walks the shortest path; [Authentication](/authentication) has the
full detail.

## 1. Get an account

NKAMA is phone-first. A user signs up by proving a phone number with a one-time code,
then setting a password — all pre-authentication:

<Steps>
  <Step title="Request a code">
    `POST /api/v1/registration/otp` with `{ "phoneNumber": "+241…" }` returns a `challengeId`.
  </Step>

  <Step title="Verify the code">
    `POST /api/v1/registration/otp/{challengeId}/verify` with `{ "code": "123456" }` returns a single-use `ticket`.
  </Step>

  <Step title="Complete sign-up">
    `POST /api/v1/registration/complete` with the `ticket`, a password and the accepted
    legal versions creates the account (role `TENANT`).
  </Step>
</Steps>

<Tip>
  Fetch the current legal versions to accept from `GET /api/v1/legal/versions` (public).
</Tip>

## 2. Get an access token

Tokens come from Keycloak, not from NKAMA. Mobile/web clients use the **Authorization Code
flow with PKCE**; see [Authentication](/authentication) for the production flow and for how to
get a token in scripts.

## 3. Call the API

Send the token as a bearer header:

```bash theme={null}
curl https://api.nkama.ga/api/v1/properties/mine \
  -H "Authorization: Bearer $ACCESS_TOKEN"
```

A `401` means the token is missing/expired; a `403` means the token is valid but lacks the
required role (e.g. listing a property needs the `OWNER` role — see
[Owner onboarding](/guides/owner-onboarding)).

Browse every endpoint in the [API reference](/api-reference) — each operation has a
"Try it" panel that sends the bearer token for you.
