> For the complete documentation index, see [llms.txt](https://docs.gomalomo.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.gomalomo.com/authentication.md). # Authentication Malomo authenticates your API requests using your account's API keys. If you do not include your key when making an API request, or use one that is incorrect or outdated, Malomo returns an error. There are two types of API keys: *publishable* and *secret*. * **Publishable** API keys are meant solely to identify your account with Malomo, they aren't secret. In other words, they can safely be published in places like your Malomo.js JavaScript code or in an Android or iPhone app. Publishable keys only have the ability to retrieve shipment information. * **Secret** API keys should be kept confidential and only stored on your own servers. Your account's secret API key can perform any API request to Malomo without restriction. Be sure to keep this key secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, an so-forth. Authentication to the API is performed by providing your API key as a bearer token in the **`Authorization`** HTTP header. ``` curl https://api.gomalomo.com/orders/1323fa24-f252-4f97-9960-a36fee7c3a6a \ -H "Authorization: Bearer sk_452e3bab2f8c1f7cf03de018855fdf7e" -H "Accept: application/vnd.malomo+json; version=2" ``` All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.gomalomo.com/authentication.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.