# Authentication The Speechace API uses [API keys](https://api-docs.speechace.com/getting-started/pre-requisites/getting-the-api-key) to authenticate requests. You can view and manage your API keys from the [dashboard](https://shop.speechace.com/subscription/profile). ### Best Practices for Securing Your API Key API keys are essential for authenticating and authorizing access to your API. However, if not handled properly, they can be a significant security risk. Here are some best practices to ensure your API keys are protected: **Storage and Handling** * **Avoid hardcoding:** Never embed API keys directly into your code. This makes them vulnerable to exposure if the code is shared or compromised. * **Environment variables:** Store API keys as environment variables. This way, they won't be part of your source code. * **Secret management tools:** Utilize tools like HashiCorp Vault or AWS Secrets Manager to securely store and manage API keys. * **Secure configuration files:** If you must use configuration files, encrypt them and store them in a secure location. * **Limit access:** Restrict access to your API keys to only those who need them. Implement role-based access control (RBAC). **Usage and Monitoring** * **Rate limiting:** Implement rate limiting to prevent abuse and mitigate the impact of compromised keys. * **IP address restrictions:** Limit access to specific IP addresses or networks to further enhance security. * **Token-based authentication:** Consider using token-based authentication (e.g., OAuth 2.0) to provide more granular control and reduce the risk of compromised keys. * **Logging and monitoring:** Log API key usage and monitor for suspicious activity. Set up alerts for unusual patterns or unauthorized access. * **Key rotation:** Regularly rotate API keys to minimize the impact of a compromised key. **Additional Considerations** * **Secure communication:** Ensure your API uses HTTPS to encrypt data in transit. * **Input validation:** Validate input to prevent injection attacks and other vulnerabilities. * **Regular security audits:** Conduct regular security audits to identify and address potential vulnerabilities. * **Educate developers:** Educate your development team about API security best practices. Related detail: [Get the API Key](https://api-docs.speechace.com/getting-started/pre-requisites/getting-the-api-key) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://api-docs.speechace.com/getting-started/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.