# Authorization

### API Authentication

#### Introduction to API Authentication in VOVE ID

In VOVE ID's RESTful API, authentication and authorization are streamlined through the use of an API Key. This method ensures that API requests are processed securely and efficiently, confirming that they are coming from authorized sources. Clients must manage this key with utmost confidentiality to maintain the integrity and security of their interactions with VOVE ID.

#### Using the API Key

* **Obtaining the** API\_KEY: Upon successful registration with VOVE ID, clients are issued a unique API Key. This key serves as the primary credential for authenticating API requests.
* **Making Authenticated Requests**: When making calls to VOVE ID’s API, the API\_KEY must be included in the request header. This is essential for the API to validate and process the request.

#### Best Practices for API Key Management

* **Security**: The API\_KEY is akin to a password. It should be treated with the same level of security and never be exposed in client-side code or front-end applications. Exposing the API Key can lead to unauthorized access and potential misuse of the VOVE ID services.
* **Environment Variables**: Store the API\_KEY in environment variables or server-side configuration files. This practice helps in keeping the key secure and separate from your codebase.
* **Regeneration**: In case of a potential key compromise, Please reach out to your Account Manager urgently and ask to regenerate a new API\_KEY, VOVE ID allows the regeneration of the API Key.

#### Warning: Key Exposure Risks

* **Do Not Embed in Front-End Code**: Embedding the API Key in your front-end code can lead to serious security vulnerabilities, as the key can be easily extracted by end-users or malicious actors.
* **Do Not Store Publicly**: Avoid storing the API Key in publicly accessible areas such as GitHub repositories, client-side scripts, or public cloud storage.

**Example**

To request a token, send a POST request with your business identifier and business secret key to VOVE ID's authorization service:

```http
GET /v2/users/:refId HTTP/1.1
Content-Type: application/json
x-api-key: API_KEY
```

#### Conclusion

Proper management and use of the API Key are paramount in ensuring the security and efficiency of your interactions with the VOVE ID API. By following these best practices, you can safeguard your application against unauthorized access and maintain the confidentiality of the sensitive data processed through our platform.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.voveid.com/docs/api/authorization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.