# API keys

Use the Moov Dashboard to find and create API keys.

Moov uses API keys to generate tokens that authenticate your API requests. If your request does not include a valid token, you will receive an error.

## Create a new API key

To create a new API key, navigate to **Developers** in the Dashboard. Select **API keys**, where you can create new API keys, or view and edit existing ones. Test mode and production mode each require their own API keys.

Only accounts with `admin` or `developer` permissions can create and view API keys. For more on permissions, see [managing teams](/guides/dashboard/managing-teams).

1. Set a name for the API key. This field is customizable so you can remember the purpose of the API key you're creating.

2. Copy your secret key and save it in a confidential, secure place.
3. Add any domains you will use for testing and production to the domain list. When making requests to `POST /oauth2/token` and subsequent API calls using that token, include an `Origin` or `Referer` header whose domain matches one entry in this list. `Origin` must be scheme and domain only, with no path (for example, `https://your-domain.com`); `Referer` may include a path. Even if you have registered multiple domains, set the header to only one: the domain the current request originates from. If both headers are present, `Origin` takes precedence. `localhost` is not an accepted domain.
4. Optional: After creating a key, you can include a note to remind yourself where the key is stored (for example, "Stored as an environment variable in the payments service").
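
The header rules in step 3 can be checked on the client before a request is sent. This is an added example, not Moov's code: the function name `check_domain_headers` and its exact-hostname matching are assumptions, and the service's own matching may differ.

```python
from urllib.parse import urlsplit

def _host(value):
    """Lower-cased hostname of a URL or bare domain entry ('' if none)."""
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").lower()

def check_domain_headers(headers, registered_domains):
    """Return (ok, reason) for the headers a request is about to send.

    Assumption: a header matches when its hostname equals a domain-list
    entry exactly (case-insensitive).
    """
    sent = {k.lower(): v.strip() for k, v in headers.items()}
    origin, referer = sent.get("origin"), sent.get("referer")
    if origin is None and referer is None:
        return False, "no Origin or Referer header"
    # Origin takes precedence when both headers are present.
    name, value = ("Origin", origin) if origin is not None else ("Referer", referer)
    if "," in value or " " in value:
        return False, f"{name} must carry a single domain"
    if name == "Origin":
        parts = urlsplit(value)
        if not parts.scheme or not parts.netloc:
            return False, "Origin must be scheme and domain"
        if parts.path or parts.query or parts.fragment:
            return False, "Origin must not include a path"
    host = _host(value)
    if host == "localhost":
        return False, "localhost is not an accepted domain"
    if host not in {_host(d) for d in registered_domains}:
        return False, f"{name} domain is not in the domain list"
    return True, f"{name} matches {host}"

if __name__ == "__main__":
    domains = ["your-domain.com"]  # constructed domain list
    samples = [  # constructed header sets
        {"Origin": "https://your-domain.com"},
        {"Origin": "https://your-domain.com/app"},
        {"Referer": "https://your-domain.com/app"},
        {"Origin": "http://localhost:3000"},
    ]
    for h in samples:
        print(h, check_domain_headers(h, domains))
```
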

## Find your API keys

If you need to locate your API key, you can always find it in the [Moov Dashboard](https://dashboard.moov.io/developers/api). However, if your account doesn't have `admin` or `developer` permissions, you won't have access to view or create API keys. If you're unable to find your API key, you may want to request access from an administrator on your Moov account.

API keys contain a public key and a secret key. The secret key cannot be viewed in Moov after the API key is created, so we recommend immediately storing it in a safe place. If you have lost your secret key, you should delete that API key and create a new one.

## Deactivate API keys

If your API key is compromised, delete it from the list of API keys in Moov. Deletion takes effect immediately, and the key can no longer be used. You can then create a new key.
