# Authentication

> Product: **Pabbly Subscription Billing** (v1)
> Base URL: `https://payments.pabbly.com/api/v1`
> Auth: Basic via `Authorization` header
> Canonical: `/subscription-billing/guides/authentication`

The Pabbly Subscription Billing API uses **HTTP Basic Auth**. Every request must include your API Key and Secret Key as the username and password.

*Auth header*

```http
Authorization: Basic <base64({{YOUR_API_KEY}}:{{YOUR_SECRET_KEY}})>
```

## Getting your credentials

Sign in to your Pabbly account and navigate to **Settings → API Settings → Generate the Keys**. You will see (or be able to generate) an **API Key** and a matching **Secret Key**. Treat the Secret Key like a password.

## Making authenticated requests

Send your API Key as the HTTP Basic username and your Secret Key as the password on every request. The examples on the right show how to call /customer/cus_example with proper authentication.

*cURL*

```bash
curl https://payments.pabbly.com/api/v1/customer/cus_example \
  -u {{YOUR_API_KEY}}:{{YOUR_SECRET_KEY}}
```

*Node.js*

```javascript
const credentials = Buffer
  .from('{{YOUR_API_KEY}}:{{YOUR_SECRET_KEY}}')
  .toString('base64');

const response = await fetch(
  'https://payments.pabbly.com/api/v1/customer/cus_example',
  { headers: { Authorization: `Basic ${credentials}` } }
);
const data = await response.json();
```

*Python*

```python
import requests
from requests.auth import HTTPBasicAuth

response = requests.get(
    'https://payments.pabbly.com/api/v1/customer/cus_example',
    auth=HTTPBasicAuth('{{YOUR_API_KEY}}', '{{YOUR_SECRET_KEY}}'),
)
data = response.json()
```

## Keep your credentials secret

Your credentials grant full access to your account. Never embed them in browser-side code, commit them to version control, or share them in support tickets. If you suspect a credential has been exposed, rotate it from the dashboard (**Settings → API Settings → Generate the Keys**) and update any servers that use it.