
# Authentication

> All API endpoints are authenticated using API keys.

### Authentication Methods

All API requests are authenticated with an API key. You can find authentication requirements for each endpoint in the [OpenAPI specification file](https://github.com/stealthmoney/mavapay-docs/blob/main/api-reference/openapi.json).

<Warning>
  Do not expose your API keys in public repositories. Use environment variables or a secure method to store and use your API keys.
</Warning>

We use role-based access control (RBAC) for API keys. You can assign different roles to your API keys to control their access to the API. Roles can be `READ` or `WRITE`. Keep your API key secure and never expose it in public repositories.

```json
{
  "api_key": "aktestsddkdkd"
}
```

If you suspect that your API key has been compromised, deactivate the key and generate a new one immediately from the [dashboard](https://mavapay.co/api-keys).

### Authorization Headers

When making requests to our API, include your API key in the `x-api-key` header:

<ResponseField>
  <CodeGroup>
    ```json API Key
    {
      "x-api-key": "<YOUR_API_KEY>"
    }
    ```
  </CodeGroup>
</ResponseField>

API requests made without a valid API key will return a `401: Unauthorized` status code.
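
The following Python client is an added example, not Mavapay's own code. It reads the key from an environment variable, sends it only in the `x-api-key` header, and reports a `401` without echoing the key. The variable name `MAVAPAY_API_KEY` and the placeholder URL are assumptions; this page does not define either.

```python
import os
import urllib.error
import urllib.request

ENV_VAR = "MAVAPAY_API_KEY"  # assumed variable name, not defined by the docs


def load_api_key(env=os.environ):
    """Read the key from the environment; fail closed if it is absent or blank."""
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set; refusing to send an unauthenticated request")
    return key


def redact(key):
    """Form of the key that is safe for logs: last 4 characters only."""
    return "*" * 8 + key[-4:] if len(key) > 8 else "*" * 8


def build_request(url, key):
    """Attach the key in the x-api-key header, never in the URL or body."""
    if not url.lower().startswith("https://"):
        raise ValueError("API key would travel in cleartext; use an https:// URL")
    req = urllib.request.Request(url, method="GET")
    # urllib stores the name as "X-api-key"; HTTP header names are case-insensitive.
    req.add_header("x-api-key", key)
    return req


def send(req):
    """Send the request; turn a 401 into an error that does not echo the key."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            hint = redact(req.get_header("X-api-key", ""))
            raise PermissionError(
                f"401 Unauthorized for key {hint}: missing, invalid or deactivated"
            ) from None
        raise


if __name__ == "__main__":
    # Placeholder URL: this page does not give a base URL or endpoint path.
    request = build_request("https://api.example.invalid/placeholder", load_api_key())
    print(send(request)[0])
```
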
