> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wepayout.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate with the WEpayments API

The WEpayments API uses API keys to authenticate requests. Each API key is associated with a specific email address that has access to your WEpayments account.

## How to Create Your API Key

To create and manage your API keys, follow the detailed instructions in our support center:

<Card title="API Key Creation Guide" icon="book" href="https://support.wepayments.com.br/support/legal/api-authentication">
  Learn how to create and manage your API keys in the WEpayments dashboard
</Card>

## API Keys

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

**Important**: Each API key is linked to an email address with access to your WEpayments account. Make sure the email has the appropriate permissions for the operations you need to perform.

### Types of Keys

* **Public Key**: Used for client-side operations
* **Secret Key**: Used for server-side operations (keep this secure!)

## Making Authenticated Requests

Authentication to the API is performed via HTTP Bearer Authentication. Provide your API key in the Authorization header:

```bash theme={null}
Authorization: Bearer YOUR_API_KEY
```

## Example Request

<CodeGroup>
  ```bash cURL theme={null}
  curl https://api.wepayments.com/v1/transactions \
    -H "Authorization: Bearer YOUR_API_KEY"
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.wepayments.com/v1/transactions', {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    }
  });
  ```

  ```python Python theme={null}
  import requests

  headers = {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
  }

  response = requests.get('https://api.wepayments.com/v1/transactions', headers=headers)
  ```

  ```php PHP theme={null}
  <?php
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, 'https://api.wepayments.com/v1/transactions');
  curl_setopt($ch, CURLOPT_HTTPHEADER, array(
      'Authorization: Bearer YOUR_API_KEY',
      'Content-Type: application/json'
  ));
  $response = curl_exec($ch);
  curl_close($ch);
  ?>
  ```
</CodeGroup>

## Security Best Practices

<Warning>
  Never expose your secret API keys in client-side code, public repositories, or insecure locations.
</Warning>

* Store API keys in environment variables
* Use different keys for development and production
* Rotate keys regularly
* Implement proper access controls
* Monitor API usage for suspicious activity

## Error Handling

If authentication fails, you'll receive a `401 Unauthorized` response:

```json theme={null}
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key provided"
  }
}
```
