# Authentication

The Travu API uses API keys to identify and authenticate requests. You can always find your keys at the Travu Office after completing onboarding (getting started [here](https://docs.mytripapi.com/#getting-started)). Note that you do not need to pass any API keys for the demo environment.

![NOTE: The key displayed above is invalid; don't bother trying it.](https://868570997-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-McuMFNYPnCSU99vp7zH%2F-MdhuYTQGQ8x-QI8JbEd%2F-MdiFZPKpFw2NRBCLXHD%2Fapi%20key.PNG?alt=media\&token=8aef0166-62d3-43a8-96ee-8985824187dd)

Your API keys carry many privileges, so make sure you keep them secure. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.

Authorization to the API is performed through the `Bearer Token` authentication scheme. To authorize requests, select the `authentication` section, select `Bearer Token` as the Type, then enter your API key in the Token field.

![NOTE: The key displayed above is invalid; don't bother trying it.](https://868570997-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-McuMFNYPnCSU99vp7zH%2F-Me9ru7gz4et_38V8uyj%2F-Me9swCecoegtZombqhE%2FKEY.PNG?alt=media\&token=d4ab54e0-318a-4413-811e-cd42e171cace)

API requests without authentication will fail with the below response:

```json
{
    "status": 401,
    "message": "Missing authorization key"
}
```

API calls made with a wrong/invalid Token will also be rejected with the below response:

```json
{
    "status": 401,
    "message": "Invalid authorization key provided"
}
```

API calls made with a Token belonging to a banned/restricted Travu Business account will also be rejected with the below response:

```json
{
    "status": 401,
    "message": "This account has been blocked"
}
```
