# Authentication To authenticate your account when using the API, including your API key and access token in the request. You can manage your access tokens, such as getting a test or production live access token or renewing them, in the Dashboard. It's important to keep your API access token secret since it carries many privileges. To access the API, Plutu uses access tokens. You must pass the access token and API key with all endpoint requests. {% hint style="info" %} * Do not store them in insecure or easily accessible locations. Client-side files, such as JavaScript or HTML files, should never be used to store sensitive information, as these can easily be accessed. * Do not store access tokens in code files that can be decompiled, such as Native iOS, Android, or Windows Application code files. * When making calls, always pass access tokens over a secure (HTTPS) connection. {% endhint %} ### **Generating Access Token** 1. Click on **Configurations** on the sidebar. 2. Click on the **API Keys & Token**. 3. Under the **Access token** section. 4. Select what environment to generate an access token and then click "**Generate**". --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.plutu.ly/api-documentation/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.