# Authentication

## API Keys

Partners receive API keys during onboarding for both demo and production environments. Each environment has its own
unique API key.

## Using Your API Key

Include your API key in the `X-Api-Key` header with every request:

```http
X-Api-Key: your-api-key-here
```

## Environments

| Environment | Purpose                 | Base URL                                             |
| ----------- | ----------------------- | ---------------------------------------------------- |
| Demo        | Testing and development | [https://api-demo.brij.fi](https://api-demo.brij.fi) |
| Production  | Live transactions       | [https://api.brij.fi](https://api.brij.fi)           |

Use the appropriate API key for each environment. Demo keys will not work in production and vice versa.

## Security Best Practices

* Never expose your API key in client-side code
* Store API keys securely using environment variables or a secrets manager

## API Reference

* Partner API methods: [/api-reference](/api-reference)
* Customer API methods: [/api-reference](/api-reference)