# Authentication

The Found Hero API uses [API keys](https://docs.joinfoundhero.com/master#api-keys) to authenticate requests. You can view and manage your API keys in the [account settings](https://app.joinfoundhero.com/dashboard/settings#api-keys) page.

Each request you make to the API must include the following HTTP header in order to authenticate with Found Hero API:

```bash
fh-api-key: {YOUR_API_KEY}
```

Replace the `YOUR_API_KEY` with your own API key. All API requests must be made over [HTTPS](http://en.wikipedia.org/wiki/HTTP_Secure). Calls made over plain HTTP will fail. API requests without the above `fh-api-key` header will also fail.

{% hint style="warning" %}
**Keep Your API Keys Secure**

Your API keys carry many privileges, so be sure to keep them secure! Do not share your API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Make sure to familiarize yourself with security best practices around storing and using API keys. Never ever hard-code the API key into source control systems like Git, but extract this information into environment variables instead.

In the event, your API key is compromised, immediately revoke it from your account dashboard and create a new API key.
{% endhint %}