# Headers and Authentication

As a creator using Checkout API, you must authenticate directly with the API as opposed to individual customers authenticating.

## Authorization

We use HTTP BASIC for authorization, and all requests are made over HTTPS so that your credentials are protected.

| Username **(Project ID)**  | Your Project ID (you can get this from <https://creator.tebex.io/developers/api-keys>)  |
| -------------------------- | --------------------------------------------------------------------------------------- |
| Password **(Private Key)** | Your Private Key (you can get this from <https://creator.tebex.io/developers/api-keys>) |

{% hint style="warning" %}
Your store's Private Key should **never** be shared publicly. If your key is ever compromised, it can be reset in your Webstore panel.
{% endhint %}

## Content Type

All requests use `application/json` as the `Content-Type`. Ensure this is set with all requests to our Checkout API.

### Example

```javascript
const url = "https://checkout.tebex.io/api/checkout";

const headers = new Headers();
headers.append('Authorization', 'Basic ' + btoa(username + ':' + password));
headers.append('Content-Type', 'application/json');

const options = {
        method: 'POST', // Use 'GET', 'POST', 'PUT', etc. as needed
        headers: headers
};

const response = await fetch(url, options);
// etc
```