# Authentication

> Product: **Pabbly Email Verification** (v1)
> Base URL: `https://verify.pabbly.com/api/v1`
> Auth: Basic via `Authorization` header
> Canonical: `/email-verification/guides/authentication`

The Pabbly Email Verification API uses **HTTP Basic Auth**. Every request must include your API Key and Secret Key as the username and password.

*Auth header*

```http
Authorization: Basic <base64({{YOUR_API_KEY}}:{{YOUR_SECRET_KEY}})>
```

## Getting your credentials

Sign in to your Pabbly account and navigate to **Settings → API → Generate API Keys**. You will see (or be able to generate) an **API Key** and a matching **Secret Key**. Treat the Secret Key like a password.

## Making authenticated requests

Send your API Key as the HTTP Basic username and your Secret Key as the password on every request. The examples on the right show how to call /email-lists/verify-single with proper authentication.

*cURL*

```bash
curl https://verify.pabbly.com/api/v1/email-lists/verify-single \
  -u {{YOUR_API_KEY}}:{{YOUR_SECRET_KEY}}
```

*Node.js*

```javascript
const credentials = Buffer
  .from('{{YOUR_API_KEY}}:{{YOUR_SECRET_KEY}}')
  .toString('base64');

const response = await fetch(
  'https://verify.pabbly.com/api/v1/email-lists/verify-single',
  { headers: { Authorization: `Basic ${credentials}` } }
);
const data = await response.json();
```

*Python*

```python
import requests
from requests.auth import HTTPBasicAuth

response = requests.get(
    'https://verify.pabbly.com/api/v1/email-lists/verify-single',
    auth=HTTPBasicAuth('{{YOUR_API_KEY}}', '{{YOUR_SECRET_KEY}}'),
)
data = response.json()
```

## Keep your credentials secret

Your credentials grant full access to your account. Never embed them in browser-side code, commit them to version control, or share them in support tickets. If you suspect a credential has been exposed, rotate it from the dashboard (**Settings → API → Generate API Keys**) and update any servers that use it.