# Headers & Authentication If you are creating a basket **on your backend server**, you will need to provide us the IP address of the customer through the [Create a Basket endpoint.](https://docs.tebex.io/developers/headless-api/creating-a-basket)\ \ If you are creating a basket from the user's browser, we will automatically determine the IP from the requesting device. {% hint style="danger" %} **Currently we are unable to support IPv6 addresses** being provided in the ip\_address property. While we work on enabling IPv6 support, please provide an IPv4 address for the customer. {% endhint %} ## Authorization If you’re being asked for authentication; you'll need to use HTTP BASIC with the following details: | Username **(Public Token)** | Your Public Token (you can get this from ) | | --------------------------- | ---------------------------------------------------------------------------------------- | | Password **(Private Key)** | Your Private Key (you can get this from ) | {% hint style="warning" %} Your store's Private Key should **never** be shared publicly. If your key is ever compromised, it can be reset on the API Keys page linked in the table above. {% endhint %} ## Content Type All requests use `application/json` as the `Content-Type`. Ensure this is set with all requests to our Headless API. ## Example of an authenticated [create basket](https://docs.tebex.io/developers/headless-api/creating-a-basket) request ```javascript const url = "https://headless.tebex.io/api/accounts/{token}/baskets"; const headers = new Headers(); headers.append('Authorization', 'Basic ' + btoa(username + ':' + password)); headers.append('Content-Type', 'application/json'); const body = { "complete_url": "https://example.tebex.io/thank-you", "cancel_url": "https://tebex.io/", "custom": { "foo": "bar" }, "complete_auto_redirect": true, "username": "TebexDev" }; const options = { method: 'POST', headers: headers, body: JSON.stringify(body) }; const response = await fetch(url, options); ```