> ## Documentation Index
> Fetch the complete documentation index at: https://docs.clickterm.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the ClickTerm API using App ID and App Key credentials.

The ClickTerm API uses **App ID** and **App Key** credentials for authentication. These are passed as HTTP headers on every request for authenticated endpoints.

## Credentials

| Credential  | Where to use                    | Security                                      |
| ----------- | ------------------------------- | --------------------------------------------- |
| **App ID**  | Client SDK + API requests       | Public — safe to use in frontend code         |
| **App Key** | API requests only (server-side) | Secret — **never expose in client-side code** |

## How to authenticate

Pass both credentials as HTTP headers:

```bash theme={null}
curl -X GET \
  -H "X-APP-ID: your_app_id" \
  -H "X-APP-KEY: your_app_key" \
  "https://api.clickterm.com/public-client/v1/clickwrap-templates"
```

## Where to find your credentials

1. Log in to the [ClickTerm Dashboard](https://app.clickterm.com)
2. Go to **Integrations**
3. Click the gear icon on your integration
4. Your **App ID** is displayed at the top
5. Your **App Key** is shown once at creation — regenerate it if needed

<Warning>
  Never expose your **App Key** in client-side code. The App Key is used
  only for backend verification calls. The client SDK uses only the **App ID**.
  Store the App Key safely — it won't display again after creation, but can be
  regenerated. Regenerating the key requires updating your backend configuration.
</Warning>

## Regenerating the App Key

If your App Key is compromised or lost:

1. Open the integration configuration in the dashboard
2. Click **Regenerate App Key**
3. Update the key in your backend code

<Warning>
  After regeneration, the old key is immediately invalidated. All API calls
  using the old key will return `401 Unauthorized`.
</Warning>

## Client SDK authentication

The client SDK (Web and Android) uses **only the App ID** for initialization:

```javascript theme={null}
ClicktermClient.initialize("YOUR_APP_ID");
```

The App Key is intentionally not used in client-side code because anything running in users' browsers or mobile apps is visible to end users.
