# Authentication

Sales Layer REST API operations require an API key sent in the `X-API-KEY` request header.

The API key identifies the customer account and authorizes access to the APIs available for that account.

## Required header

Send the API key in every request:


```http
X-API-KEY: YOUR_API_KEY
```

Replace `YOUR_API_KEY` with the key provided for your Sales Layer account.

## Example request


```bash
curl -X GET 'https://api2.saleslayer.com/dam/image?$top=10' \
  -H 'X-API-KEY: YOUR_API_KEY'
```

## How to obtain an API key

To obtain an API key, contact Sales Layer support or your account representative.

Use this email address:


```text
support@saleslayer.com
```

When requesting access, include enough context for the Sales Layer team to identify the account and the intended integration.

Recommended information:

* Customer or account name.
* Environment or project where the integration will run.
* API areas needed, such as DAM, Catalog, or both.
* Short description of the integration use case.
* Technical contact for follow-up questions.


## Security recommendations

Treat API keys as secrets:

* Do not expose API keys in frontend code, public repositories, screenshots, or logs.
* Store API keys in a secret manager or protected environment variable.
* Restrict access to the key to the systems and people that need it.
* Rotate the key if it may have been exposed.
* Use separate keys per environment when available.


## Failed authentication

Requests without a valid API key are rejected.

Common causes:

* The `X-API-KEY` header is missing.
* The header value is empty.
* The key was copied with extra spaces or hidden characters.
* The key is not valid for the target account or API.
* The key has been revoked or replaced.


## Troubleshooting checklist

Before contacting support, verify:

* The request is sent to the correct base URL.
* The `X-API-KEY` header is present in the final HTTP request.
* The key value is not surrounded by quotes unless your HTTP client requires them.
* The key is loaded correctly from your deployment environment.
* The same request works in a controlled tool such as curl or Postman.


## Support

For technical support, API questions, or help getting access to an API key, contact Sales Layer support or your account representative.