# Authentication

> Product: **Pabbly Chatflow** (v1)
> Base URL: `https://chatflow.pabbly.com/api/v1`
> Auth: Bearer via `Authorization` header
> Canonical: `/chatflow/guides/authentication`

The Pabbly Chatflow API uses **Bearer Token** authentication. Every request must include your API key in the `Authorization` header.

*Auth header*

```http
Authorization: Bearer {{YOUR_API_KEY}}
```

## Getting your credentials

Sign in to your Pabbly account and navigate to **Settings → API & Webhooks**. Copy the **API key** shown there — it is the only credential you need for API requests. Treat it like a password.

## Making authenticated requests

Send your API key in the `Authorization` header on every request. The examples on the right show how to call /messages with proper authentication.

*cURL*

```bash
curl https://chatflow.pabbly.com/api/v1/messages \
  -H "Authorization: Bearer {{YOUR_API_KEY}}"
```

*Node.js*

```javascript
const response = await fetch(
  'https://chatflow.pabbly.com/api/v1/messages',
  { headers: { 'Authorization': 'Bearer {{YOUR_API_KEY}}' } }
);
const data = await response.json();
```

*Python*

```python
import requests

response = requests.get(
    'https://chatflow.pabbly.com/api/v1/messages',
    headers={'Authorization': 'Bearer {{YOUR_API_KEY}}'},
)
data = response.json()
```

## Keep your credentials secret

Your credentials grant full access to your account. Never embed them in browser-side code, commit them to version control, or share them in support tickets. If you suspect a credential has been exposed, rotate it from the dashboard (**Settings → API & Webhooks**) and update any servers that use it.