# Authentication

### ApiKeyAuth

All API requests must include the API key. You have to pass it in the request header with the `x-api-key` parameter.

{% hint style="info" %}
Header parameter name: `x-api-key`
{% endhint %}

### BearerAuth

There are some API requests that a session token can be used instead of an API key such as fetching a checkout order. You have to pass it in the request header with `Authorization: Bearer` parameter.

This authorization method is intended for client applications (frontend) where this token is generated on request and is not secure to use an API key.

{% hint style="info" %}
HTTP Authorization Scheme: Bearer

Format: "JWT"
{% endhint %}