> ## Documentation Index
> Fetch the complete documentation index at: https://developer.runa.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to manage authentication when using the Runa API

The Runa API uses API keys to authenticate requests. You can view and manage your API keys in the [API keys section of the portal](https://app.runa.io/api-keys).

API keys are sent via the `X-Api-Key` header in the request. Here's an example of how to include the API key in your request:

```http theme={null}
GET https://api.runa.io/v2/orders HTTP/2
X-Api-Key: YOUR_API_KEY
```

## Structure of an API key

<img className="block dark:hidden" src="https://mintcdn.com/runa/3fuhXTcDrFXCr5CT/assets/graphics/api-key-light.png?fit=max&auto=format&n=3fuhXTcDrFXCr5CT&q=85&s=e166928cc3c6cdf8d0e5c22bcd31e03d" alt="API key example showing the key wgABC123.abc12345678defghijklmnopqrst~XYZ" width="944" height="164" data-path="assets/graphics/api-key-light.png" />

<img className="hidden dark:block" src="https://mintcdn.com/runa/3fuhXTcDrFXCr5CT/assets/graphics/api-key-dark.png?fit=max&auto=format&n=3fuhXTcDrFXCr5CT&q=85&s=d3f95d8339113f588c3576fd3fbd5ba5" alt="API key example showing the key wgABC123.abc12345678defghijklmnopqrst~XYZ" width="944" height="164" data-path="assets/graphics/api-key-dark.png" />

Runa API keys while a single string are made of two parts separated by a dot. The short **prefix** uniquely identifies the key. It's shown in the list of keys in the web portal and may be shared with Runa support to diagnose issues. The rest of the key is the **secret** and must be kept confidential.

We only ever show you the entire key once, when you create it. If you lose it, you must create a new one and revoke the old key.

## Types of API key

There are two types of API key:

* **Production keys** used for live transactions. These keys are prefixed with `wg`.
* **Playground keys** used for testing in the playground environment. These keys are prefixed with `XX`.

## Single or multiple keys

You can have multiple keys for different environments or applications. You should create new key for each use case. This allows you to revoke a key without affecting other integrations. If a key is shared revoking it will affect all users of that key.
