> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firstpromoter.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate your API

## Authentication

### Obtaining Your Credentials

FirstPromoter uses two key credentials to authorize API requests:

1. **API Key**: A unique token that authenticates your application
2. **Account ID**: Identifies your specific FirstPromoter account

To locate these credentials:

1. Log in to your FirstPromoter Dashboard
2. Navigate to **Settings** → **Integrations** → **Manage API Keys** → **Add new Key** if you don't have one already.
3. Set a descriptive key name (e.g., `My Application Key`) and click **Create**
4. Immediately copy and securely store your newly generated API key.
5. You will find your **Account ID** in the same API integrations panel under **Settings** → **Integrations**

### Making Authenticated Requests

All API requests must include both credentials in your request headers:

```
Authorization: Bearer {your_api_key}
ACCOUNT-ID: {your_account_id}
```

#### Example Request

```
GET https://api.firstpromoter.com/api/v2/company/referrals
Authorization: Bearer 01234567890abcdef
ACCOUNT-ID: 123456
```

<Note>
  You must replace `{apikey}` with your account API key and  `{account_id}` with your account ID
</Note>

### Security Best Practices

* Keep your API key secure and never expose it in client-side code
* Consider implementing IP restrictions for API access
* Regularly audit your API usage and rotate keys if suspicious activity occurs
* Use HTTPS for all API communications
