# Authentication Malomo authenticates your API requests using your account's API keys. If you do not include your key when making an API request, or use one that is incorrect or outdated, Malomo returns an error. There are two types of API keys: *publishable* and *secret*. * **Publishable** API keys are meant solely to identify your account with Malomo, they aren't secret. In other words, they can safely be published in places like your Malomo.js JavaScript code or in an Android or iPhone app. Publishable keys only have the ability to retrieve shipment information. * **Secret** API keys should be kept confidential and only stored on your own servers. Your account's secret API key can perform any API request to Malomo without restriction. Be sure to keep this key secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, an so-forth. Authentication to the API is performed by providing your API key as a bearer token in the **`Authorization`** HTTP header. ``` curl https://api.gomalomo.com/orders/1323fa24-f252-4f97-9960-a36fee7c3a6a \ -H "Authorization: Bearer sk_452e3bab2f8c1f7cf03de018855fdf7e" -H "Accept: application/vnd.malomo+json; version=2" ``` All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.gomalomo.com/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.