# Authentication and API Keys

Coresignal provides API keys as your unique identifier for authenticating API requests. It's a string of **32 characters** (letters and numbers) that tells the API:

* Who is making the request
* Whether you are allowed to make the request
* Scale of service usage

### Multiple API keys management

You can generate and manage multiple API keys. Go to the `API keys` section in your account settings. In this section, you can see all of the API keys associated with your account and regenerate or delete them if needed.

***

## Use your API key

While using Self-service, you do not need to enter your API key – everything is done automatically. However, if you want to use other platforms to send your requests, you can get your API key here for authentication elsewhere.

{% stepper %}
{% step %}

### Get an API key

Go to Coresignal's [Self-service](https://dashboard.coresignal.com/sign-in) platform and copy your key in the **API keys** section on the platform's homepage.

<figure><img src="https://1300677093-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAd1icWUeSjJeOMkIAMkM%2Fuploads%2FfTsEnoIvDMLUQL8zzdW9%2Fimage.png?alt=media&#x26;token=f648d1bc-f69f-49d5-964b-705529b0f076" alt="" width="272"><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Include the key in your API requests

Add the key to your HTTP request using Postman or another preferred service.

An authorization request header will be used for API Key authorization, listed under `apikey`.

{% hint style="info" %}

#### Endpoints

You need to know the precise endpoint for each API
{% endhint %}
{% endstep %}

{% step %}

### The API server checks your key

The server looks up the key to:

* See if it's valid
* Check your permissions
* Enforce any rate limits (e.g., 1000 requests/day)

If everything checks out, the server processes your request and returns the data or response.
{% endstep %}
{% endstepper %}