# Authentication

export const authQueryParams = [
  {
    name: "time_frame",
    defaultValue: "24h",
    defaultActive: true,
  },
  {
    name: "limit",
    defaultValue: "5",
    defaultActive: true,
  },
];

export const authHeaders = [
  {
    name: "Authorization",
    defaultValue: "Bearer YOUR_API_KEY",
    defaultActive: true,
  },
];

The Fantastic.jobs API uses **Bearer token authentication**. Every request must include an `Authorization` header containing your API key.

```
Authorization: Bearer YOUR_API_KEY
```

You can find and manage your API keys on your [subscriptions page](/subscriptions).

## Example request

The example below makes an authenticated `GET` request to the [ATS jobs](/api/new-jobs#ats-jobs) endpoint, returning ATS-sourced postings from the last 24 hours.

<CodeTabs>
  <CodeTabPanel
    language="bash"
    title="curl"
    code={`curl --request GET \\
  --url 'https://data.fantastic.jobs/v1.0/active-ats?time_frame=24h' \\
  --header 'Authorization: Bearer YOUR_API_KEY'`}
  />
  <CodeTabPanel
    language="javascript"
    title="Node.js"
    code={`const response = await fetch(
  "https://data.fantastic.jobs/v1.0/active-ats?time_frame=24h",
  {
    method: "GET",
    headers: {
      Authorization: "Bearer YOUR_API_KEY",
    },
  }
);

const data = await response.json();
console.log(data);`}
  />
  <CodeTabPanel
    language="python"
    title="Python"
    code={`import requests

response = requests.get(
    "https://data.fantastic.jobs/v1.0/active-ats",
    params={"time_frame": "24h"},
    headers={"Authorization": "Bearer YOUR_API_KEY"},
)

data = response.json()
print(data)`}
  />
</CodeTabs>
<br/>
<OpenPlaygroundButton
  server="https://data.fantastic.jobs"
  method="get"
  url="/v1.0/active-ats"
  queryParams={authQueryParams}
  headers={authHeaders}
>
  Try in Playground
</OpenPlaygroundButton>

## Keep your keys secret

- Treat your API key like a password, never commit it to source control or expose it in client-side code.
- Use environment variables (e.g. `FANTASTIC_JOBS_API_KEY`) and load the key at runtime.
- Rotate your key immediately if you suspect it has been exposed. You can rotate your key on your [subscriptions page](/subscriptions).