# Basic HTTP authentication

[HTTP Basic authentication ](http://en.wikipedia.org/wiki/Basic_access_authentication)works on all Sinch REST APIs. Basic auth is often the preferred option for testing because it is simple and easy to use.

Important!
Basic authentication is intended for test purposes only, and should only be used for experimenting with APIs and building prototypes. API calls using basic authentication are heavily rate limited, and these limits may change at any time without warning. Production systems should use OAuth access tokens instead.

Basic authentication is sent in the authorization header with each call.

No matter the programming language, there are three main components for successful basic authentication in a request:

- The designation of authorization type, which is `basic`
- The `username`, which in Sinch's case is `YOUR_Key_ID`, corresponding to your project
- The `password`, which is `YOUR_Key_Secret`, again, corresponding to the project


You can view and manage your API credentials [here](https://dashboard.sinch.com/settings/access-keys).

Need help?
Check out [this article](https://community.sinch.com/t5/Virtual-Numbers/What-is-a-project-and-where-do-I-find-the-key-and-secret/ta-p/8794) for a walk-through on finding your key and secret.

When you're ready for production, be sure to [check out our OAuth2.0 authentication](/docs/number-lookup-api-v2/api-reference/authentication/oauth) process for greater security.

To use basic auth in an API call, do the following:

1. First, create a new access key [in the Sinch Build Dashboard](https://dashboard.sinch.com/settings/access-keys) by clicking **Create Access Key**.
2. Copy your **project ID**, **key ID**, and **key secret**.
Keep your key secret somewhere safe as it is **only viewable upon initial project creation**. The project ID and key ID are always readily available in the Sinch Build Dashboard. If you misplace your key secret, simply generate a new key!
3. Use your key ID as the username (sometimes called the `client_id`) and your key secret as the password (can be referred to as the `client_secret`) in every call made to a Sinch API.


## Examples

This example will return the number lookup information for the specified phone number using the [Number Lookup API](/docs/number-lookup-api-v2/getting-started). Replace all relevant parameters with your credentials (including the angle brackets `<>`).


```shell
curl -i -X POST \
-u <username>:<password> \
https://lookup.api.sinch.com/v2/projects/<YOUR_PROJECT_ID_HERE> \
 -H 'Content-Type: application/json' \
-d '{
  "number": "+1235559988",
  "features": [
    "LineType",
    "SimSwap"
    ]
  }'
```