> ## Documentation Index
> Fetch the complete documentation index at: https://integration.wpay.com.au/llms.txt
> Use this file to discover all available pages before exploring further.

# Creating an API key for use with Secure Fields

Before the app can communicate with the API, create a new API key. The API handles authentication using a signed **JSON
Web Token** (JWT) which is passed in a HTTP header.

```bash theme={"system"}
curl -X GET https://api.example.gr4vy.app/transactions \
  -H "authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIi..."
```

<Tip>
  Using an SDK is recommended. SDKs make the process of generating a token a lot easier and are probably
  available in the preferred programming language. This is covered in the
  next step.
</Tip>

## Create a new API key

To use the API you need to generate a new **API key**. Please reach out to your Wpay representative who provides you with the API key.

<Info>
  Learn more about private keys, key-pairs, and JWT in the
  [in-depth guide on authentication](/guides/api/authentication).
</Info>

## Summary

In this step:

* Learned about API authentication.
* Created a new private key for the API.
* Stored this API key in a secure place where the app can access it.