> ## Documentation Index
> Fetch the complete documentation index at: https://docs.yapily.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Authentication

> Learn how to authenticate requests to the Yapily API using Basic Auth. Understand how to manage application credentials and secure your open banking integration.

Learn how to authenticate with Yapily's API.

***

## Introduction

Yapily's API uses HTTP Basic authentication.

Yapily provides an Application ID and Application Secret pair to authenticate requests. Each Application has its own unique ID and secret.

Credentials are retrieved, viewed and managed in the [Yapily Console](https://console.yapily.com/).

***

## Retrieve credentials

To retrieve your credentials:

1. Go to the [Yapily Console](https://console.yapily.com/)
2. Go to **Applications** and click **Create Application**
3. Choose a name for your application and click **Create application**
4. Click **Download Application ID & Application Secret** to download the json file containing the Application ID (`applicationUuid`) and Application Secret (`secret`)
5. Save the json file

<Warning>
  It is important to keep your credentials safe and secure. Do not share your Application Secret in publicly accessible areas such as GitHub or client-side code.
</Warning>

<Note>
  Once created, you're unable to retrieve your Application Secret again.
</Note>

***

## Authenticate API requests

In the request, your Application ID should be sent as the basic auth `username` and your Application Secret should be sent as the basic auth `password`.

You must submit the correct credentials when making API calls or you will receive a 401 "Unauthorized" error response.

For more information, see our [API reference](/api-reference/authentication).

***

## Revoke Application Secret

If you lose your Application Secret, or it is no longer secure, you need to revoke the secret and create a new one. The Application ID will not change.

<Warning>
  Revoking the secret will invalidate any requests that are using the old secret.
</Warning>

To revoke your Application Secret:

1. Go to the [Yapily Console](https://console.yapily.com/)
2. Go to **Applications** and click on your application
3. Under *API credentials* click **Revoke** next to the Application Secret, then click **Revoke and Generate new secret**
4. Download and save the json file containing the new Application Secret