> ## Documentation Index
> Fetch the complete documentation index at: https://docs.smartcomply.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate requests to the Smartcomply API.

All requests to the Adhere API must include your secret key in the request headers. Requests without a valid key will return a `401 Unauthorized` error.

## Base URL

```
https://adhere-api.smartcomply.com
```

## Getting Your API Key

After completing your business KYC on the [Adhere dashboard](https://adhere-app.smartcomply.com):

1. Navigate to **Settings → API Keys**
2. Click **Generate Key**
3. Copy and store the key securely — it will not be shown again

## Request Headers

| Header           | Value               | Required |
| ---------------- | ------------------- | -------- |
| `x-access-token` | Your secret API key | Yes      |
| `Content-Type`   | `application/json`  | Yes      |

## Example Request

```bash theme={null}
curl -X POST "https://adhere-api.smartcomply.com/api/onboarding/nigeria_kyc/bvn/" \
  -H "x-access-token: YOUR_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{"bvn": "22000000001"}'
```

## Security Best Practices

<Warning>
  Never expose your secret key in client-side code, public repositories, or logs.
</Warning>

* **Use environment variables** — store your key in `.env` files and load it at runtime, never hard-code it
* **Use separate keys per environment** — maintain distinct keys for development, staging, and production
* **Rotate keys periodically** — regenerate your key from the dashboard if you suspect it has been compromised
* **Restrict key usage** — only share keys with services that strictly need them
