# Authentication

Authenticating to the CrossTrade API is simple and uses Bearer token authentication to protect your account and your data.

Each user account is granted a single Bearer token that is used for both webhook requests as a secret key in the `key` field from TradingView (example) and as the Bearer token in API requests. It is secret and should not be shared with anyone.

Tokens cannot be changed, replaced, or exchanged by a user. If you believe your token has been compromised and you absolutely must change it, please [Contact Us](https://crosstrade.io/contact).

## About Bearer Authentication

**Bearer authentication** (also called **token authentication**) is an [HTTP authentication scheme](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the `Authorization` header when making requests to protected resources:

```
Authorization: Bearer <token>
```

The Bearer authentication scheme was originally created as part of [OAuth 2.0](https://swagger.io/docs/specification/authentication/oauth2/) in [RFC 6750](https://tools.ietf.org/html/rfc6750), but is sometimes also used on its own. Similarly to [Basic authentication](https://swagger.io/docs/specification/authentication/basic-authentication/), Bearer authentication should only be used over HTTPS (SSL).

## Bearer Tokens in the CrossTrade API

On each subsequent page in these API documents you will see the following required headers needed to implement Bearer Authorization.

**Headers**

| Name          | Value              |
| ------------- | ------------------ |
| Content-Type  | `application/json` |
| Authorization | `Bearer <token>`   |

## Finding Your Bearer Token

On the [My Account](https://crosstrade.io/user/my-account) page of your CrossTrade web dashboard, you will see an option to "Reveal" your secret key. This is your Bearer token.

<figure><img src="https://993090024-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI6t5LesvaGZE6r1KML4v%2Fuploads%2Fk6EbqjA9piSW1CXhnf0x%2Fmy-account-secret-key-and-webhook.png?alt=media&#x26;token=897a81b2-97c5-4f83-8d83-06f07cce0681" alt=""><figcaption></figcaption></figure>