# Authentication Hakuna uses API keys to authenticate all requests, and authentication is handled via Bearer Authentication. When you make an API request, you'll need to pass either your **sandbox secret key** or your **live secret key** in the HTTP `Authorization` header. Which key you use depends on the [environment](https://docs.hellohakuna.com/using-the-api/environments) you're using. ```bash curl https://api.hellohakuna.com/ \ -H "Authorization: Bearer " ``` If you do not enter a valid API key in your request, you will get a [`401` response (unauthorized)](https://docs.hellohakuna.com/using-the-api/responses). ### Getting your API keys You can view and manage your API keys for both the production and sandbox environments in the [Hakuna merchant console](https://console.hellohakuna.com/). {% hint style="info" %} **Get access to the Hakuna merchant console**\ Once your merchant console account has been created, you'll get an email with a temporary password. Click the link in the email to set a new password and complete your account setup. If you have not yet received an email, please [let us know](https://docs.hellohakuna.com/help/contact). {% endhint %} Please be aware that any changes made to existing API keys will take effect immediately and could cause unintended side effects. ### Managing your API keys Your API keys carry many privileges, so it is important to keep them private and secure. They should live primarily in your backend, and should never be exposed on your frontend. Do not hardcode or share your API keys (particularly in your source version control system).