# Authentication

## Principles

Access to the Altoviz API is secured by:

- a TLS connection using a Sectigo Limited certificate with a 2048-bit RSA key
- an API key authentication mechanism

## How to get an API key?

API keys are centralized in the Altoviz application itself. Go to Settings, then API access, or use this direct shortcut: https://app.altoviz.com/go/settings/apis.

You can create a new API key or re-generate an existing one.

![Create a new Altoviz API key using the app](authentication-create-key.png)

:::caution
Copy the API key before closing the form as you will not be able to access it again.
:::

## How does it work?

### Header

Every HTTP request must have a header named `x-api-key` with a valid API key.

```bash title="Get information about the API server"
curl -H "x-api-key:cddb5157-12be-42a9-985a-4501c6e6e2fa" https://api.altoviz.com/hello
```

### Basic authentication

Basic authentication is also supported, using `apikey` as the user name and the API key as the password.

```bash title="Get information about the API server"
curl -u "apikey:cddb5157-12be-42a9-985a-4501c6e6e2fa" https://api.altoviz.com/hello
```

### Parameter

If you really can't use a header, you can send the API key in a parameter named `apikey`. We discourage this method by default, as the API key appears in logs, web analytics services or caches.

```bash title="Get information about the API server using API key by parameter"
curl "https://api.altoviz.com/hello?apikey=cddb5157-12be-42a9-985a-4501c6e6e2fa"
```
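
The logging risk described above can be checked on your own side. The following is an added example, not part of the Altoviz documentation: it scans access-log lines for the `apikey` parameter, lists the distinct keys that leaked so they can be re-generated in the app, and redacts them. The log format, the sample lines, the placeholder keys and the function names are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find and redact API keys that leaked through the `apikey`
# query parameter. Assumes the parameter name is written in lowercase, as on
# this page, and that the key is not URL-encoded.

# Constructed sample: combined-format lines from a hypothetical forward proxy.
sample_log() {
  cat <<'EOF'
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /hello?apikey=00000000-0000-4000-8000-000000000001 HTTP/1.1" 200 42
10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /hello HTTP/1.1" 200 42
10.0.0.7 - - [01/Jan/2024:10:01:00 +0000] "GET /hello?page=2&apikey=00000000-0000-4000-8000-000000000002&x=1 HTTP/1.1" 200 42
10.0.0.5 - - [01/Jan/2024:10:02:00 +0000] "GET /hello?apikey=00000000-0000-4000-8000-000000000001 HTTP/1.1" 200 42
EOF
}

# Count the log lines (read from stdin) that carry a key in the URL.
count_leaks() {
  grep -cE '[?&]apikey=' || true   # grep -c exits 1 on zero matches
}

# Print each distinct leaked key once: these are the keys to re-generate.
leaked_keys() {
  grep -oE '[?&]apikey=[^&[:space:]"]+' | sed -E 's/^[?&]apikey=//' | sort -u
}

# Replace the value of every apikey parameter with a fixed marker,
# leaving the rest of the line (other parameters included) untouched.
redact_apikey() {
  sed -E 's/([?&]apikey=)[^&[:space:]"]+/\1REDACTED/g'
}

# Stand-alone run: summary first, then the redacted log.
echo "lines with a key in the URL: $(sample_log | count_leaks)"
echo "distinct keys to re-generate: $(sample_log | leaked_keys | wc -l | tr -d ' ')"
sample_log | redact_apikey
```

Requests authenticated with the `x-api-key` header or Basic authentication do not put the key in the request line, so they produce no matches here.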

Great, you just made your first Altoviz API call! 🥳