> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dojah.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys and Authentication

> Get your Dojah API keys, create an app, and sign requests. Step-by-step setup for sandbox and production.

Securely authenticate all Dojah API calls by following this simple lifecycle:
create your app, generate API keys, select environments, and sign each request with your credentials.

***

#### Create an App

* Log in to the Dojah Dashboard and go to **Developers → Configuration → My Apps**.
* Create a new app or edit the default one.
  * Enter an App Name;
  * Optionally add a logo and primary color if you'll use widgets like EasyOnboard.
* Each App has a unique **App ID**; this is required for all API calls.

***

#### API Keys

* Once your app is created, you can generate **public** and **private** API keys.
* **Public Key**: Meant for front-end usage (e.g. SDKs or widgets).
* **Private Key**: Must remain confidential; used for authenticating server-side API calls.
* Keys can be regenerated anytime from the dashboard.

Each app comes with two keys:

* **App ID**: Public identifier used in API calls.
* **Secret Key**: Private key for signing and securing requests.

<Note> Do not expose your Secret Key on the frontend or in public repositories. It should only be used server-side. </Note>

***

#### Environments

Dojah supports both sandbox and production environments:

| Environment | Base URL                   |
| ----------- | -------------------------- |
| Sandbox     | `https://sandbox.dojah.io` |
| Production  | `https://api.dojah.io`     |

<Note>
  * Always use HTTPS for all API requests.
  * Make sure you have created an app before sending any request.
  * Keep your Secret Key secure. Never share it or expose it publicly.
</Note>

***

#### Authorization

For every API request, include your App ID and Secret Key in the request headers:

```http theme={null}
AppId: YOUR_APP_ID
Authorization: YOUR_SECRET_KEY
```

#### Customer Reference

To include a unique identifier for each API request, please provide a **customer\_reference** in the query parameters. This reference will then be included in your exported API logs.

```http Query Parameter theme={null}

      {{baseUrl}}/api/v1/kyc/endpoint?customer_reference=1234556
  

```
