# Authentication

The Fantastic.jobs API uses **Bearer token authentication**. Every request must include an `Authorization` header containing your API key.

```
Authorization: Bearer YOUR_API_KEY
```

You can find and manage your API keys in the [developer portal](/api).

## Example request

The example below makes an authenticated `GET` request to the [ATS jobs](/api/new-jobs#ats-jobs) endpoint, returning ATS-sourced postings from the last 24 hours.

<CodeTabs>
  <CodeTabPanel
    language="bash"
    title="curl"
    code={`curl --request GET \\
  --url 'https://data.fantastic.jobs/v0.9/active-ats?time_frame=24h' \\
  --header 'Authorization: Bearer YOUR_API_KEY'`}
  />
  <CodeTabPanel
    language="javascript"
    title="Node.js"
    code={`const response = await fetch(
  "https://data.fantastic.jobs/v0.9/active-ats?time_frame=24h",
  {
    method: "GET",
    headers: {
      Authorization: "Bearer YOUR_API_KEY",
    },
  }
);

const data = await response.json();
console.log(data);`}
  />
  <CodeTabPanel
    language="python"
    title="Python"
    code={`import requests

response = requests.get(
    "https://data.fantastic.jobs/v0.9/active-ats",
    params={"time_frame": "24h"},
    headers={"Authorization": "Bearer YOUR_API_KEY"},
)

data = response.json()
print(data)`}
  />
</CodeTabs>

## Keep your keys secret

- Treat your API key like a password - never commit it to source control or expose it in client-side code.
- Use environment variables (e.g. `FANTASTIC_JOBS_API_KEY`) and load the key at runtime.
- Rotate your key immediately if you suspect it has been exposed. You can rotate your key in your account.