# Authentication

Our API use API keys to authenticate requests. You can manage your API keys using the API.

Our secret keys have the prefix `sk_`. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via [HTTP Basic Auth](http://en.wikipedia.org/wiki/Basic_access_authentication). Provide your API key as the basic auth username value. You do not need to provide a password.

All API requests must be made over [HTTPS](http://en.wikipedia.org/wiki/HTTP_Secure). Calls made over plain HTTP will fail. API requests without authentication will also fail.

```sh
curl https://api.debitdirect.io/me \
  -u sk_ddMfjeC39HqLyjWDarjtT1zdp7dc: \
  --header "x-version: 4.0"
```