> ## Documentation Index
> Fetch the complete documentation index at: https://developers.ligdicash.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate your requests to the LigdiCash API with the Apikey and Authorization headers.

Every request to the LigdiCash API must include two identification keys, sent in HTTP headers. These keys are available in your LigdiCash dashboard once your project is activated.

## The two keys

| Header          | Value                | Role                      |
| --------------- | -------------------- | ------------------------- |
| `Apikey`        | Your API key         | Identifies your project   |
| `Authorization` | `Bearer {API_TOKEN}` | Authenticates the request |

These two keys are distinct and both required. A request with only one of them will be rejected.

<Note>
  Once your project is activated, your `Apikey` and `API_TOKEN` keys are available directly in your LigdiCash dashboard.
</Note>

## Full set of headers

All your requests must include these four headers:

```
Apikey: {API_KEY}
Authorization: Bearer {API_TOKEN}
Accept: application/json
Content-Type: application/json
```

## cURL example

```bash cURL theme={null}
curl -X POST https://app.ligdicash.com/pay/v01/redirect/checkout-invoice/create \
  -H "Apikey: {API_KEY}" \
  -H "Authorization: Bearer {API_TOKEN}" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{ ... }'
```

## Best practices

**Store your keys in environment variables**, never hardcoded in source code:

<CodeGroup>
  ```bash .env theme={null}
  LIGDICASH_API_KEY=your_api_key
  LIGDICASH_API_TOKEN=your_api_token
  ```

  ```javascript Node.js theme={null}
  const apiKey = process.env.LIGDICASH_API_KEY;
  const apiToken = process.env.LIGDICASH_API_TOKEN;
  ```

  ```php PHP theme={null}
  $apiKey = getenv('LIGDICASH_API_KEY');
  $apiToken = getenv('LIGDICASH_API_TOKEN');
  ```

  ```python Python theme={null}
  import os
  api_key = os.environ["LIGDICASH_API_KEY"]
  api_token = os.environ["LIGDICASH_API_TOKEN"]
  ```
</CodeGroup>

<Warning>
  Never send your keys from a browser or a mobile application. All calls to the LigdiCash API must go through your backend server.
</Warning>

## Authentication errors

An authentication error returns `response_code: "01"` and `response_text: "Echec (Code00)"`:

```json theme={null}
{
  "response_code": "01",
  "token": "",
  "response_text": "Echec (Code00)",
  "description": "",
  "wiki": "https://client.ligdicash.com/wiki/createInvoice"
}
```

Possible causes:

* Incorrect or expired `Apikey`
* Incorrect or expired `API_TOKEN`
* One or more required headers missing

The `wiki` field present in every response contains a URL to the documentation for the error codes specific to the endpoint called. **Always consult this URL** to get the exact meaning of the returned code — it is the official LigdiCash reference for interpreting `response_text`.

## Regenerating your keys

If your keys are compromised, contact the LigdiCash team to obtain new ones. The old keys are immediately invalidated upon re-issuance.

<Warning>
  Any re-issuance of keys immediately interrupts production calls. Prepare your new environment variables before requesting re-issuance.
</Warning>
