# Authentication

Each API request requires an API key, sent either in an HTTP header or as a query string parameter.

You can find your API key in the Frill Dashboard.

{% hint style="warning" %}
Your API key has many privileges, so be sure to keep it secret! Do not share the key in publicly accessible areas such as GitHub, client-side code, and so forth.
{% endhint %}

{% hint style="info" %}
**Recommendation:** It's best to use the *HTTP Header - Bearer auth* method. It's easier than the *Basic auth* method and more secure than the *Query string* method.
{% endhint %}

### **HTTP Header - Bearer auth**

Include the API Key in the `Authorization` header where the value is prefixed with `Bearer` in the format:

```http
GET https://api.frill.co/v1/ideas
Authorization: Bearer API_KEY
```

### **Query string**

Include the API key in the request URL's query string in the format `?api_key=API_KEY`.

```http
GET https://api.frill.co/v1/ideas?api_key=API_KEY
```

### **HTTP Header - Basic auth**

Follow the [Authorization Basic HTTP Spec](https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side): provide your API key as the basic auth **username** value. You do not need to provide a password.

The Authorization field is constructed as follows:

1. The username (api\_key) and password (leave blank) are combined with a single colon (:).
2. The resulting string is encoded into an octet sequence.
3. The resulting octet sequence is encoded using Base64.
4. The authorization method and a space (e.g. "Basic ") are then prepended to the encoded string.

```http
GET https://api.frill.co/v1/ideas
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
```
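The four Basic auth steps above, together with a decoder and a log-redaction helper, as an added example (not Frill's own code). The decoder shows that Base64 is reversible by anyone who sees the header, so the key is only protected by HTTPS, and the redaction helper masks the `api_key` query parameter before a URL is written to logs. The function names and the sample key are assumptions constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def basic_auth_header(api_key: str) -> str:
    """Build the Authorization value: API key as username, blank password."""
    if ":" in api_key:
        # A colon in the username would shift the username/password boundary.
        raise ValueError("API key must not contain ':'")
    userpass = f"{api_key}:"                           # step 1: key, colon, empty password
    octets = userpass.encode("utf-8")                  # step 2: octet sequence
    token = base64.b64encode(octets).decode("ascii")   # step 3: Base64
    return "Basic " + token                            # step 4: scheme plus space


def decode_basic_auth(header_value: str) -> tuple[str, str]:
    """Reverse the construction, as anyone who sees the header can."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization value")
    userpass = base64.b64decode(token, validate=True).decode("utf-8")
    username, _, password = userpass.partition(":")
    return username, password


def redact_api_key(url: str) -> str:
    """Mask the api_key query parameter before a URL is logged or shared."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k == "api_key" else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked)))


if __name__ == "__main__":
    key = "frill_key_constructed_123"  # constructed sample, not a real key
    header = basic_auth_header(key)
    print(header)
    print(decode_basic_auth(header))
    print(redact_api_key(f"https://api.frill.co/v1/ideas?api_key={key}"))
```

The sample header shown above (`QWxhZGRpbjpPcGVuU2VzYW1l`) decodes with `decode_basic_auth` to a generic username and password pair, so treat it as a placeholder; a real Frill header encodes your key followed by a colon and nothing else.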

***
