> ## Documentation Index
> Fetch the complete documentation index at: https://requestnetwork-feat-tron-sponsored-tx-doc.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate Request Network API calls with API keys or Client ID

## Overview

Request Network API supports two authentication modes:

* `x-api-key` for server-side integrations
* `x-client-id` for browser/client integrations (with `Origin` header)

Use this page as the canonical auth reference. Client IDs are managed in the [Request Dashboard](https://dashboard.request.network); webhooks are managed programmatically via the [Auth API](https://auth.request.network/open-api/#tag/webhook) (`POST /v1/webhook` with the `x-client-id` header).

## Choose the Right Method

| Method    | Best for                                                 | Header(s)                  |
| --------- | -------------------------------------------------------- | -------------------------- |
| API Key   | Backend services, cron jobs, trusted server environments | `x-api-key`                |
| Client ID | Browser/front-end calls where client auth is required    | `x-client-id` (+ `Origin`) |

## API Key Authentication

Use API keys for backend calls.

### Example

```bash cURL theme={null}
curl -X GET 'https://api.request.network/v2/request/{requestId}' \
  -H 'x-api-key: YOUR_API_KEY'
```

## Client ID Authentication

Use Client ID when your integration needs browser-side authentication flow.

### Example

```bash cURL theme={null}
curl -X GET 'https://api.request.network/v2/request/{requestId}' \
  -H 'x-client-id: YOUR_CLIENT_ID' \
  -H 'Origin: https://your-app.example'
```

<Info>
  For browser-based requests, `Origin` is part of the request context and is required for Client ID auth.
</Info>

## Header Reference

* `x-api-key`: API key used for server-side auth
* `x-client-id`: Client identifier used for client-side auth
* `Origin`: required with Client ID flows in browser contexts

## Common Authentication Errors

### 401 Unauthorized

* Missing auth header
* Invalid/expired API key or client ID

### 403 Forbidden

* Credentials are valid but not allowed for the requested operation
* Client ID is revoked or restricted

### 429 Too Many Requests

* Request rate exceeded for your credentials

## Security Guidance

* Keep API keys server-side and out of frontend bundles
* Store credentials in environment variables or secret managers
* Rotate compromised credentials immediately
* Verify webhook signatures independently (webhook signing uses a separate secret)

## Related Pages

<CardGroup cols={3}>
  <Card title="Dashboard" href="https://dashboard.request.network" icon="key">
    Create credentials and manage webhook configuration.
  </Card>

  <Card title="Webhooks" href="/api-reference/webhooks" icon="webhook">
    Signature verification and delivery behavior.
  </Card>

  <Card title="OpenAPI Reference" href="https://api.request.network/open-api" icon="book">
    Full endpoint authentication requirements.
  </Card>
</CardGroup>
