# API Authentications & Security

### Introduction

Resmic Pro requires an API key for secure access to its payment services. This section explains how to obtain and use your API key while ensuring best security practices.

### Step 1: Subscription Requirement

Before generating an API key, users must have an active subscription. You can either:

* **Buy a plan** from the dashboard.
* **Start a free 20-day trial** to test the service.

### Step 2: Generating an API Key

1. Log in to your Resmic Pro dashboard.
   1. Navigate to the <kbd>**Developer**</kbd> section.
2. If you have an active plan, click on <kbd>**Generate Key**</kbd>.
3. Copy and securely store your <kbd>`API_KEY`</kbd>  & <kbd>`User_id`</kbd> It will only be shown once.

### Step 3: Using Your API Key

Your API key must be included in the `Authorization` header of every request:

{% hint style="warning" %}
Representational, Not an actual endpoint
{% endhint %}

```
curl -X POST "https://api.resmic.com/payments" \
     -H 'x-api-key': <Your_API_KEY>,
        'x-user-id': <Your_User_Id>     
```

### Step 4: Security Best Practices

* **Keep your API key confidential** – Do not expose it in frontend code or public repositories.
* **Rotate API keys periodically** – Generate a new key and update your integrations regularly.
* **Use environment variables** – Store API keys in `.env` files instead of hardcoding them.

### Step 5: Regenerating or Revoking an API Key

1. Go to the **API Keys** section in your dashboard.
2. Click on **Revoke** to disable an existing API key.
3. Generate a new key if needed and update your application accordingly.

### Conclusion

Your <kbd>`API_KEY`</kbd> and <kbd>`User_Id`</kbd>is essential for integrating with Resmic Pro securely. Follow the best practices to protect your key and ensure seamless transactions. For more details, refer to the API Documentation.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.resmic.com/resmic-pro/api-authentications-and-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.