# Security

The Pismo platform uses server-to-server authentication to maintain security. An initial request instructs Pismo to create an access token in the form of a JSON Web Token (JWT). You use this token to send subsequent requests to the platform.

The current Server to Server authentications Pismo supports are:

* [Basic authentication with client credentials](https://developers.pismo.io/pismo-docs/docs/basic-authentication-with-client-credentials)
* [Authentication with OpenID Connect](https://developers.pismo.io/pismo-docs/docs/authentication-with-openid)

For more information on mTLS connectivity, refer to [Identity connectivity with mTLS](https://developers.pismo.io/pismo-docs/docs/identity-connectivity-with-mtls).

For Zero balance or Full balance customers providing [antifraud webhooks](https://developers.pismo.io/pismo-docs/docs/client-webhooks), see how Pismo [validates webhooks requests](https://developers.pismo.io/pismo-docs/docs/verifying-webhook-requests).