# Authentication

To interact with the Fullwhere Partner API, you need to authenticate your requests using `X-API-KEY` and `X-API-SECRET`. These tokens are supplied as **Header parameters** in the request, ensuring that only authorized clients can access and manipulate data.

### Generating a token

{% hint style="info" %}
To create and manage API credentials, you must have an Admin access to your Fullwhere workspace.
{% endhint %}

**(1)** Log in to your Fullwhere account.

**(2)** Go to **Settings** > **Connectivity** > **Developers** tab.

**(3)** Click **Generate an API Key**.

**(4)** Enter an API Key Name and Description.

**(5)** Click **Create**.

**(8)** Copy your `API-KEY` and your `API-SECRET` — `API-SECRET` will only be displayed once.

**(9)** Confirm that you have saved it securely, then click **Continue**.

### Managing and deleting tokens

From the **Developer** tab, you can **manage** API tokens existing on your Fullwhere Account. Click on the pencil icon on the right to change the **name** or **description** of your API key.

Click the trash icon to **delete** an API key.

{% hint style="info" %}
Token deletion is irreversible. Any integration using a deleted token will stop working until a new one is generated and configured.
{% endhint %}