# Authentication

Your API requests are authenticated using API keys. Any request that doesn't include an API key will return an error. Head to the API page under Settings, then create and copy a new API token.

{% hint style="warning" %}
Note: If your API key is publicly visible, do not select "read" permissions for that key. API keys with "read" permissions should **not** be visible to the public.
{% endhint %}

<figure><img src="https://2791060175-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIuz7LXFLoXdIQZVsLtaG%2Fuploads%2FL0FQPiD2I0FBJvtFsQjj%2FCleanShot%202023-01-02%20at%2020.18.50%402x.png?alt=media&#x26;token=f37ed7d4-4bc5-416b-82fb-2f8747f82289" alt=""><figcaption><p>The API key management screen</p></figcaption></figure>

Send your API key as a Bearer token in the `Authorization` header of every request, as follows:

```bash
curl -H "Authorization: Bearer <API KEY>" "https://api.morning.so/v3/..."
```
