> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fourthwall.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate with shop-level API keys using Basic Access Authentication

<Info>
  **Which authentication method should you use?**

  * **Basic Auth** - Use this if you are building integrations for **your own shop**. This is the most common use case and what most developers need. Simply create API credentials and include them with each request.

  * **OAuth** - Use this only if you are building an app that will be used by **multiple different shops** (e.g., a third-party integration that other Fourthwall creators will install). See the [OAuth guide](/guides/oauth) for details.
</Info>

The simplest way to authenticate is with a shop level API key. This key will give you unrestricted access to all API endpoints for your shop.

## Getting credentials

<Note>
  The creation of API credentials is reserved for users with the **SUPER ADMIN** role.
</Note>

1. Navigate to [For developers](https://my-shop.fourthwall.com/admin/dashboard/settings/for-developers?redirect) to create an API user.
2. If API credentials haven't been generated yet, you will find a "Create API User" button under the "Open API" section. Click on it, and shortly after, the Username and Password for the Open API User will be provided.

<Warning>
  Keep your API credentials confidential and do not share them with unauthorized personnel. These credentials grant access to sensitive data and actions within our system. Always use HTTPS/SSL for encrypted communication when making API requests.
</Warning>

## Authorizing with credentials

After Open API User was created, you can authorize your request by using **Basic Access Authentication**.

This can be achieved by constructing an **Authorization** header with the format **Basic base64-encoded-username-and-password**. The base64-encoded credentials should be passed with each request to gain access to the protected resources.

<CodeGroup>
  ```bash cURL theme={null}
  curl -u "your_username:your_password" https://api.fourthwall.com/open-api/v1/order/{YOUR_ORDER_ID}
  ```

  ```javascript JavaScript theme={null}
  const username = "your_username";
  const password = "your_password";

  // Combine username and password with a colon
  const combinedCredentials = `${username}:${password}`;

  // Encode the combined credentials to Base64
  const base64Credentials = btoa(combinedCredentials);

  const apiUrl = "https://api.fourthwall.com/open-api/v1/order/{YOUR_ORDER_ID}";
  const requestOptions = {
    method: "GET",
    headers: {
      "Authorization": `Basic ${base64Credentials}`,
      "Content-Type": "application/json"
    }
  };

  fetch(apiUrl, requestOptions)
    .then(response => response.json())
    .then(data => {
      console.log(data);
    })
    .catch(error => {
      console.error("Error:", error);
    });
  ```
</CodeGroup>