# Authentication LeaderOS uses a HTTP header to authenticate requests with an API key.\ The header is called `X-Api-Key` and the value is the API key. {% hint style="info" %} The API key can be found in the LeaderOS settings. {% endhint %} #### Examples {% tabs %} {% tab title="cURL" %} #### GET Request ``` curl https://yourwebsite.com/api/store/products -H "X-Api-Key: YOUR_API_KEY" ``` #### POST Request ``` curl https://yourwebsite.com/api/store/products -H "X-Api-Key: YOUR_API_KEY" -H "Content-Type: multipart/form-data" -X POST -d "username=test&password=test" ``` {% endtab %} {% tab title="PHP" %} #### GET Request 
// GET
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://yourwebsite.com/api/store/products");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$headers = [
    'X-Api-Key: YOUR_API_KEY'
];
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$output = curl_exec ($ch);
curl_close ($ch);
#### POST Request ```php // POST curl_setopt($ch, CURLOPT_URL, "https://yourwebsite.com/api/auth/login"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, [ 'username' => 'test', 'password' => 'test' ]); $headers = [ 'X-Api-Key: YOUR_API_KEY' ]; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $output = curl_exec ($ch); curl_close ($ch); ``` {% endtab %} {% tab title="JavaScript" %} #### GET Request ```javascript const instance = axios.create({ baseURL: 'https://yourwebsite.com', headers: { 'X-API-KEY': 'YOUR_API_KEY', }, }); // GET instance.get('/api/store/products'); ``` #### POST Request ```javascript const instance = axios.create({ baseURL: 'https://yourwebsite.com', headers: { 'X-API-KEY': 'YOUR_API_KEY', }, }); // POST instance.post('/api/auth/login', { username: 'test', password: 'test' }, { headers: { 'Content-Type': 'multipart/form-data', } }); ``` {% endtab %} {% endtabs %}