> ## Documentation Index > Fetch the complete documentation index at: https://docs.houdiniswap.com/llms.txt > Use this file to discover all available pages before exploring further. # API Keys & Authentication > Learn how to obtain and use API keys to authenticate with Houdini ## Overview All API access is managed through the [Houdini Partner Portal](https://app.houdiniswap.com/partner/login). After registration, you will receive: * An API key * An API secret * Access to usage analytics * Commission tracking * Withdrawal management All new accounts are created under the **Free tier**, which includes default rate limits. 1. Sign up using your email address 2. Verify your email 3. Log in to access your dashboard Wallet connection is optional but required for commission withdrawals. After logging in, your dashboard will display: * Your API Key * Your Secret Code Store your secret securely. It will be required for all authenticated requests. If your secret is exposed, contact support to rotate credentials. Sign up to get your API key and secret ## API Base URL All API requests should be made to: ``` https://api-partner.houdiniswap.com/ ``` ## Authentication Method Houdini uses API key and secret authentication passed via the `Authorization` header. ### Header Format Include your API key and secret in every request using this format: ```http theme={null} Authorization: : ``` ### Example Request ```javascript JavaScript theme={null} // Build query parameters const params = new URLSearchParams({ amount: '1', from: 'ETH', to: 'USDC', anonymous: 'true', useXmr: 'false' }); const response = await fetch(`https://api-partner.houdiniswap.com/quote?${params}`, { method: 'GET', headers: { 'Authorization': 'your_api_key:your_api_secret', // Mandatory compliance headers 'x-user-ip': '192.168.1.1', 'x-user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...', 'x-user-timezone': 'America/New_York' } }); const data = await response.json(); ``` ```bash cURL theme={null} curl -X GET "https://api-partner.houdiniswap.com/quote?amount=1&from=ETH&to=USDC&anonymous=true&useXmr=false" \ -H "Authorization: your_api_key:your_api_secret" \ -H "x-user-ip: 192.168.1.1" \ -H "x-user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36..." \ -H "x-user-timezone: America/New_York" ``` ## Mandatory Compliance Headers For compliance purposes, the following **headers** are **required** in all API requests: | Header Name | Description | Example | | ----------------- | -------------------------------- | ------------------------------------------------ | | `x-user-ip` | User's IP address | `"192.168.1.1"` | | `x-user-agent` | User's browser user agent string | `"Mozilla/5.0 (Windows NT 10.0; Win64; x64)..."` | | `x-user-timezone` | User's timezone | `"America/New_York"` | **Compliance Requirement**: These headers are mandatory for AML/KYC compliance. Requests without these headers will be rejected with a 400 error. ## API Documentation For complete API specifications and interactive documentation, refer to: View the full interactive API reference with request/response schemas and examples ## Rate Limits Read more about it on the dedicated Rate limits & Tiers page of the documentation. ## Security Best Practices **Critical**: Never expose your API key and secret publicly. This API is meant to be used in a **backend environment**, not directly in a frontend UI. * Never commit credentials to version control * Never expose them in client-side JavaScript * Always store them as secure environment variables * Use server-side API calls only ## Next Steps Choose your swap type and start integrating immediately Learn about routing types and order lifecycle