# API keys and authentication

The OpenGate API is enabled by default on all accounts. You don’t have to do anything to turn on this feature. However, API keys are used to control access to the resources via the API.

The OpenGate API allows third-party applications or back-office systems to communicate with OpenGate. All users in your organization may use third-party applications, such as iPhone apps, Android apps, or network-based communication built onto your own server, to access your entities' data.

The API key is sent using the `X-ApiKey` HTTP header. An example POST request may look like this:

```bash
curl --request POST \
     --verbose \
     --header "X-ApiKey: YOUR_API_KEY_HERE" \
     --header "Content-type: application/json" \
     --data-binary @device.json \
     http://[your_opengate_address]/north/v80/provision/organizations/{organizationName}/devices
```

It is also possible to use basic authentication to identify yourself to the API service. However, if you are embedding your credentials in an application, it is recommended to use API keys rather than basic authentication; otherwise your password is at risk.
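
A key typed into the curl command line, as in the request shown earlier, ends up in shell history and is visible in the process list while curl runs. The following added example (not part of the OpenGate documentation) sends the same `X-ApiKey` header through `curl --config -` on stdin and refuses a key file that other users can read; the `OPENGATE_KEY_FILE` and `OPENGATE_URL` variables and all function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: send X-ApiKey without exposing the key in argv or shell history.
# Assumed names (not from the OpenGate docs): OPENGATE_KEY_FILE, OPENGATE_URL,
# and all function names below.

# Succeed only if the key file is a regular file with mode 600 or 400.
key_file_is_private() {
    local file=$1 mode
    [ -f "$file" ] || return 1
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print a curl config file (for "curl --config -") holding the request headers.
curl_config_for_key() {
    local key
    key=$(tr -d '\r\n' < "$1") || return 1
    # Reject an empty key and characters that would break the quoted value.
    case "$key" in
        ''|*\"*|*\\*) return 1 ;;
    esac
    printf 'header = "X-ApiKey: %s"\n' "$key"
    printf 'header = "Content-type: application/json"\n'
}

# POST a JSON payload file (e.g. device.json) to the endpoint in OPENGATE_URL.
provision_device() {
    local payload=$1 config
    [ -n "$OPENGATE_KEY_FILE" ] && [ -n "$OPENGATE_URL" ] || return 2
    if ! key_file_is_private "$OPENGATE_KEY_FILE"; then
        echo "refusing to use $OPENGATE_KEY_FILE: expected mode 600 or 400" >&2
        return 1
    fi
    config=$(curl_config_for_key "$OPENGATE_KEY_FILE") || return 1
    # printf is a shell builtin, so the key reaches curl on stdin only.
    printf '%s\n' "$config" |
        curl --config - --fail --silent --show-error \
             --request POST --data-binary "@$payload" "$OPENGATE_URL"
}
```

After sourcing the file and exporting both variables, `provision_device device.json` performs the request.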