Authenticating yourself with the ZignSec API is easy. Just include your subscription key in the Authorization header. You'll need to authenticate your requests to access any of the endpoints in the ZignSec API. In this guide, we'll look at how authentication works. ## Subscription Key based authentication With subscription key based authentication, you must provide a subscription key to authenticate your HTTP requests. Your subscription key should be kept secret at all times as it is the means by which we identify calls made to the ZignSec API. Here's how to authenticate using cURL: ### Example request with subscription Key Authentication ```bash curl https://test-gateway.zignsec.com/core/api/sessions \ -H "Authorization: <subscription_key>" ``` Please don't commit your ZignSec subscription key to your code repository! ## Two-Way SSL Certificates For customers requiring extra layers of security when interacting with the ZignSec API, authentication using Two-Way SSL certificates in addition to the subscription Key based authentication may be enabled. Two way SSL, also known as mutual SSL certificates, are SSL certificate where the server and the client, authenticates each other for a more robust security. This process involves a client certificate on your end in addition to the SSL/TLS certificate on ZignSec's end. Each party validates the other’s certificate. Always keep your certificates safe and inform us immediately if you suspect it has been compromised. For information about how to enable Two-Way SSL on your account, please reach out to our support team at [email protected]