# Authentication

To use MailSlurp APIs authenticate your requests with an API Key.

- [Create an API Key](https://app.mailslurp.com/settings/developers/) in the dashboard
- Configure your [SDK library](/docs/sdks/) or add `x-api-key` header to your requests

## Authentication methods
MailSlurp accepts API keys using:

- Request header: `x-api-key: YOUR_API_KEY` (recommended)
- Query parameter: `?apiKey=YOUR_API_KEY`

Use header-based authentication by default, especially in server-side applications.

## Basic HTTP example
```bash
curl -sS https://api.mailslurp.com/inboxes \
  -H 'x-api-key: YOUR_API_KEY'
```

## API key handling guidance
- Use environment variables or secret stores, not hardcoded keys.
- Use separate keys for local, staging, and production contexts.
- Rotate keys on a regular schedule and after credential exposure.
- Restrict dashboard/API key ownership to the minimum required team members.

## Related docs
- [REST API](/docs/api/)
- [Quick start](/docs/quick-start/)
- [Team accounts and access](/docs/organizations/)