# Authentication

This section explains how to authenticate your requests to the xMoney API.

## API keys

xMoney uses API keys to authenticate your requests. You can find your API keys in the [xMoney Dashboard](https://merchant.xmoney.com/auth/signin). To learn how to locate and manage your API keys, see the [Get started guide](/guides/general/get-started#sites--api-key).

To authenticate your request, you need to include your API key in the `Authorization` header. The value of the header should be `Bearer YOUR_API_KEY`.

Here's an example of how to include your API key in a curl request:


```bash
curl -X GET \
  https://api-stage.xmoney.com/order \
  -H 'Authorization: Bearer YOUR_API_KEY'
```

Your API keys are secret and should not be shared with anyone. If your API key is compromised, you should regenerate it immediately.

## Error response

If your request is not authenticated, you will receive a `401 Unauthorized` response.


```json
{
  "code": 401,
  "message": "Unauthorized"
}
```

Here are some possible reasons why you might receive a `401 Unauthorized` response:

* You have not included your `Private Key` in the `Authorization` header.
* You have included an invalid `Private Key` in the `Authorization` header.
* Your `Private Key` has been revoked.


If you are receiving a `401 Unauthorized` response and you are sure that you are including a valid `Private Key` in the `Authorization` header, please contact xMoney support for assistance.
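
The curl call above puts the key on the command line, where it lands in shell history and the process list. The following sketch sends the same `Authorization: Bearer` header through curl's `--config -` (read from stdin) and maps the `401 Unauthorized` case to its own exit code. It is an added example, not xMoney's own code; the `XMONEY_API_KEY` variable, the function names, the exit codes and the accepted key character set are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: key is supplied in XMONEY_API_KEY (hypothetical
# variable name) and uses only RFC 6750 token characters.
XMONEY_BASE_URL="https://api-stage.xmoney.com"   # staging host used on this page

# Print a curl config line carrying the Authorization header.
# Refuses an empty key and any character (quote, space, CR/LF) that could
# break the quoted config value or smuggle in a second header.
xmoney_auth_config() {
  key="${XMONEY_API_KEY:-}"
  if [ -z "$key" ]; then
    echo "XMONEY_API_KEY is not set" >&2
    return 1
  fi
  case "$key" in
    *[!A-Za-z0-9._~+/=-]*)
      echo "XMONEY_API_KEY contains unexpected characters" >&2
      return 1 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$key"
}

# Translate an HTTP status into an exit code a script can branch on.
xmoney_check_status() {
  case "$1" in
    2??) return 0 ;;
    401) echo "401 Unauthorized: key missing, invalid or revoked" >&2
         return 3 ;;
    *)   echo "unexpected HTTP status $1" >&2
         return 4 ;;
  esac
}

# Authenticated GET that reports only the status. The header reaches curl on
# stdin, so the key never appears in argv or in shell history.
xmoney_auth_probe() {
  path="${1:-/order}"
  cfg="$(xmoney_auth_config)" || return 1
  status="$(printf '%s\n' "$cfg" | curl --silent --show-error --config - \
    --output /dev/null --write-out '%{http_code}' \
    "${XMONEY_BASE_URL}${path}")" || return 2
  xmoney_check_status "$status"
}
```

Load the key into the environment from a secret store rather than typing it inline, then call `xmoney_auth_probe /order`; exit code 3 corresponds to the `401` causes listed above.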