# Authentication

Pliro uses API keys to authenticate requests. You can view and manage your API keys in the Pliro Dashboard.

{% hint style="warning" %}
Your API keys grant full access to your publication's data within Pliro, so be careful not to expose your keys publicly on GitHub or in client-side code. If you believe one of your API keys might have been exposed, you can revoke it and create a new one in Pliro Dashboard.
{% endhint %}

Authentication is performed using [HTTP Basic auth](http://en.wikipedia.org/wiki/Basic_access_authentication). Provide your API key as the Basic auth username value. You don't need to provide a password:

```sh
curl -u "$PLIRO_API_KEY:" $PLIRO_API_BASE_URL/2023-04-11/customers
```

All API requests must be made over [HTTPS](https://en.wikipedia.org/wiki/HTTPS). Requests made over plain HTTP will fail. Requests without authentication will also fail.