
# Authentication

> Learn how to authenticate with the Yapily API

## Overview

The Yapily API uses **HTTP Basic Authentication**. You authenticate using:

* **Username**: Application ID
* **Password**: Application Secret

For comprehensive setup instructions, see the [API Authentication Guide](/getting-started/integration-setup/api-authentication).

<Warning>
  Never commit credentials to version control. Store them securely using environment variables.
</Warning>

## Getting Credentials

1. Log in to [Yapily Console](https://console.yapily.com)
2. Navigate to **Applications**
3. Create or select an application
4. Download your Application ID and Secret

<Warning>
  The Application Secret can only be retrieved once. Store it securely.
</Warning>

## Making Authenticated Requests

<CodeGroup>
  ```bash cURL theme={null}
  curl -X GET 'https://api.yapily.com/institutions' \
    -u 'YOUR_APPLICATION_ID:YOUR_APPLICATION_SECRET'
  ```

  ```python Python theme={null}
  import requests
  from requests.auth import HTTPBasicAuth

  response = requests.get(
      'https://api.yapily.com/institutions',
      auth=HTTPBasicAuth('YOUR_APPLICATION_ID', 'YOUR_APPLICATION_SECRET')
  )
  ```

  ```javascript JavaScript theme={null}
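  const axios = require('axios');

  // `await` is only valid inside an async function in a CommonJS module
  async function getInstitutions() {
    const response = await axios.get('https://api.yapily.com/institutions', {
      auth: {
        username: 'YOUR_APPLICATION_ID',
        password: 'YOUR_APPLICATION_SECRET'
      }
    });
    return response.data;
  }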
  ```
</CodeGroup>

## Using Consent Tokens

After obtaining user consent, pass the consent token in the `consent` header:

```bash theme={null}
curl -X GET 'https://api.yapily.com/accounts' \
  -u 'YOUR_APPLICATION_ID:YOUR_APPLICATION_SECRET' \
  -H 'consent: USER_CONSENT_TOKEN'
```

## Security Best Practices

* Store credentials in environment variables or secrets managers
* Use HTTPS only (enforced by API)
* Rotate credentials regularly
* Revoke compromised credentials immediately
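
The first practice above, sketched as an added example (not Yapily's own code): credentials are read from environment variables, the request fails closed when they are unset, and the values that carry secrets are masked before logging. The variable names `YAPILY_APPLICATION_ID` and `YAPILY_APPLICATION_SECRET` and all helper names are assumptions made for this example.

```python
import base64
import os
import urllib.request

API_BASE = "https://api.yapily.com"
# Assumed variable names; the page does not prescribe any.
ID_VAR, SECRET_VAR = "YAPILY_APPLICATION_ID", "YAPILY_APPLICATION_SECRET"


class MissingCredentials(RuntimeError):
    """Raised instead of sending a request with empty credentials."""


def load_credentials(env=os.environ):
    """Return (application_id, application_secret), failing closed if unset."""
    app_id = env.get(ID_VAR, "").strip()
    secret = env.get(SECRET_VAR, "").strip()
    missing = [name for name, val in ((ID_VAR, app_id), (SECRET_VAR, secret)) if not val]
    if missing:
        # Name the variables only; never echo credential values.
        raise MissingCredentials("unset: " + ", ".join(missing))
    return app_id, secret


def build_request(path, env=os.environ, consent=None):
    """Build a GET request carrying Basic auth and an optional consent token."""
    if not path.startswith("/"):
        # Keeps the host fixed so credentials are only ever sent to API_BASE.
        raise ValueError("path must start with '/'")
    app_id, secret = load_credentials(env)
    token = base64.b64encode(f"{app_id}:{secret}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(API_BASE + path, method="GET")
    req.add_header("Authorization", "Basic " + token)
    if consent:
        # urllib stores the name as "Consent"; header names are case-insensitive.
        req.add_header("consent", consent)
    return req


def redacted_headers(req):
    """Headers that are safe to log: credential-bearing values are masked."""
    sensitive = {"authorization", "consent"}
    return {k: "<redacted>" if k.lower() in sensitive else v
            for k, v in req.header_items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {ID_VAR: "example-app-id", SECRET_VAR: "example-secret"}
    request = build_request("/accounts", env=sample_env, consent="example-consent")
    print(request.full_url, redacted_headers(request))
```

The Basic token is only base64-encoded, not encrypted, so anything that records the raw `Authorization` header (debug logs, proxies, error reports) exposes the Application Secret.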

## Next Steps

<CardGroup cols={2}>
  <Card title="Get Institutions" icon="building-columns" href="/api-reference/institutions/get-institutions">
    Discover available banks.
  </Card>

  <Card title="Create Authorization" icon="shield-check" href="/api-reference/authorisations/create-account-authorisation">
    Request user consent.
  </Card>
</CardGroup>
