# Authentication

Every API request must be authorized. This is achieved by including an "**x-api-key**" and a "**signature**" in the request headers. The API key identifies the SubAccount, while the signature, computed with your API secret, lets the request's authenticity be verified.

### These are encoded as HTTP headers named

* **x-api-key** (Your API key)
* **signature** (Signature created using your API secret)

#### Example

| Header        | Data                                                                           |
| ------------- | ------------------------------------------------------------------------------ |
| **x-api-key** | A24b4fSJ8SKhowxlY                                                              |
| **signature** | 1712042205773.da41de13228cafdef8189df03c946a7e2184ce5afbe610753397a869367efcc6 |

### JavaScript Example

```javascript
const CryptoJS = require("crypto-js");
const axios = require("axios");

const apiDomain = "{{API_DOMAIN}}";
const api_key = "{{API_KEY}}";
const api_secret = "{{API_SECRET}}";

async function sendRequest () {
    const apiPath = "/api/payout/single";
    const httpMethod = "POST";

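    // Nonce: current Unix time in milliseconds.
    const nonce = new Date().getTime();
    // Signed payload is "<nonce>.<api_key>", keyed with the API secret (HMAC-SHA256, hex output).
    const signedPayload = `${nonce}.${api_key}`;
    const expectedSignature = CryptoJS.HmacSHA256(signedPayload, api_secret).toString();
    // Header value format: "<nonce>.<hex signature>".
    const sig = nonce + "." + expectedSignature;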

    try {

        const data = {
            receiver_id: "a0bb742e-2b17-4698-be2d-3226c64aec03",
            account_id: "6dea4c0d-7825-4636-a0b0-c4895d451244",
            amount: 2121,
            currency: "AUD",
            reference: "ref2121",
            note: "Payout for Mike 2121"
        };

        const resp = await axios(`${apiDomain}${apiPath}`, {
            method: httpMethod,
            headers: {
                "x-api-key": api_key,
                "signature": sig,
            },
            data: data
        });

        console.log("Result: ", resp.data);

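    } catch (error) {
        // error.response is undefined when no HTTP response was received (e.g. a network failure).
        console.log("error", error.response ? error.response.data : error.message);
    }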
}

sendRequest();
```
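
To check a signature header against the format shown above before sending it, the following added example (not code from this API's provider) builds the header with Node's built-in `crypto` module and verifies it with a strict parse, a freshness window and a constant-time comparison. The function names, the `maxSkewMs` tolerance and the sample key and secret are assumptions made for illustration; the page does not document how the server validates the nonce.

```javascript
const crypto = require("crypto");

// Build the header value in the page's format: "<nonce>.<hex HMAC-SHA256>".
// The signed string is `${nonce}.${apiKey}` only, exactly as in the page's example.
function buildSignature(apiKey, apiSecret, nonce = Date.now()) {
    const mac = crypto
        .createHmac("sha256", apiSecret)
        .update(`${nonce}.${apiKey}`)
        .digest("hex");
    return `${nonce}.${mac}`;
}

// Hypothetical verifier. maxSkewMs is an assumed tolerance, not a documented value.
function verifySignature(header, apiKey, apiSecret, now = Date.now(), maxSkewMs = 5 * 60 * 1000) {
    // Strict parse: decimal millisecond nonce, a dot, 64 lowercase hex characters.
    const match = /^(\d{1,15})\.([0-9a-f]{64})$/.exec(String(header));
    if (!match) return { ok: false, reason: "malformed" };

    // Reject nonces outside the freshness window to limit replay of captured headers.
    const nonce = Number(match[1]);
    if (Math.abs(now - nonce) > maxSkewMs) return { ok: false, reason: "stale" };

    // Recompute the MAC and compare in constant time (both buffers are 32 bytes).
    const expected = buildSignature(apiKey, apiSecret, nonce).split(".")[1];
    const given = Buffer.from(match[2], "hex");
    const wanted = Buffer.from(expected, "hex");
    if (!crypto.timingSafeEqual(given, wanted)) return { ok: false, reason: "bad-mac" };

    return { ok: true, reason: "valid" };
}

// Constructed sample values (not real credentials).
const SAMPLE_KEY = "example-api-key";
const SAMPLE_SECRET = "example-api-secret";
const SAMPLE_NONCE = 1712042205773;

const sampleHeader = buildSignature(SAMPLE_KEY, SAMPLE_SECRET, SAMPLE_NONCE);
console.log(sampleHeader);
console.log(verifySignature(sampleHeader, SAMPLE_KEY, SAMPLE_SECRET, SAMPLE_NONCE + 2000));
console.log(verifySignature(sampleHeader, SAMPLE_KEY, SAMPLE_SECRET, SAMPLE_NONCE + 3600000));
```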
