> ## Documentation Index
> Fetch the complete documentation index at: https://developer.paywint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> We use API key based authentication to verify and authorize all requests to the Paywint API.

**All API requests to Paywint must be made over HTTPS and authenticated using an API key.**
Include the API key in the request header as `X-Platform-ID`, and the HMAC-SHA256 signature in `X-Signature`. [Learn how to generate signatures →](/get-started/signature-auth)

The signature should be generated using your platform's secret key and the [canonical string format](/get-started/signature-auth#canonical-string-format): `METHOD + PATH + QUERY + BODY_HASH`

```curl Example Api Call theme={null}
curl -X POST "https://<environment>/api/platform/users/create" \
  -H "Content-Type: application/json" \
  -H "X-Platform-ID: YOUR_API_KEY" \
  -H "X-Signature: GENERATED_SIGNATURE" \
  -d '{
    "name": "John Doe",
    "email": "john@example.com",
    "phone": "9876543210",
    "phone_country_code": "+1"
  }'

```

Make sure to use the correct API key for the appropriate [environment](/environments). Using the wrong key or URL may result in authentication failures.

Keep your API key secure and never expose it on the client side.

<Note>
  Alternatively, you can use the static signature in the [sandbox environment](/environments#sandbox): `8b3cb99a4b8e24fc7e01d0db635e2e47b80818144fe51400c6c6ae3ecbc84f47`
</Note>

<Card title="How to generate signature" icon="shield" href="/get-started/signature-auth" arrow="true" cta="Learn More">
  Learn how to generate secure request signatures using your platform’s secret key in our Signature Authentication Guide.
</Card>

***

Need help? Reach out to [support@paywint.com](mailto:support@paywint.com)