# Authentication
1app authenticates your API requests using your account’s API keys. If you do not include your key when making an API request or use one that is incorrect or outdated, 1app returns an error.
### API keys
Every account created on 1app has a priviledge to generate two kinds of API keys:
* [ ] **Secret key:** This is the most powerful type of key to authorize any action on your 1app account, so it should never be exposed to the public.
* [ ] **Public key:** This key can be used for public API call scenarios, such as in front-end JavaScript code (e.g. [List banks](https://docs.1app.online/v1-1/bank-list), [Data Plans](https://docs.1app.online/v1-1/data-purchase/data-plans) etc).
#### To Manage your API Keys;
* Create an account on Boldd -
* Log in to your account
* Navigate to **Settings**
* Select the **API Keys/Webhook** tab in the Developers section of the menu to view and copy your keys.
{% hint style="danger" %}
Your secret keys are to be kept secret and only stored on your servers, preferably as an environment variable. Do not include them in your GitHub repository, or use them in client-side code.
If for any reason, you believe your secret key has been compromised, you can reset them from the dashboard
{% endhint %}
### Authorizing API calls
All API requests must be made over HTTPS. All API calls to 1app endpoints require authorization. Any requests made without authorization will fail.
#### Sample Authorization Header
{% hint style="info" %}
**Authorization:** "Bearer YOUR\_SECRET\_KEY"
**Authorization:** "Bearer YOUR\_PUBLIC\_KEY"
{% endhint %}
Authorization: Bearer 1applive\_sk\_0a21husgdsyda2dbaa329a9876c917
All API requests exist in either test or live mode, and one mode cannot be manipulated by data in the other.
### Base URL
Make calls to our API endpoints with this base URL as a prefix [**https://api.oneappgo.com/v1**](https://api.oneappgo.com/v1)