# Quick Start

To use the API of Rekaz Platform, you must first obtain an access token. To do that, you need a username, password and the tenant name.

### API Key Management

#### Generating an API Key

1. Log into the dashboard.
2. Navigate to **User Management > API Keys**.
3. Click on **Generate New Key**. The system will display:

   * **Key**: Your API key
   * **Secret**: Your API secret
   * **Base64 Encoded**: The ready-to-use Base64 encoded credentials

   Make sure to copy and store these values immediately as they are displayed only once.

#### Regenerating an API Key

To regenerate an API key:

1. Go to **User Management > API Keys**.
2. Select **Regenerate Key** for the key you wish to replace.
3. Confirm the action. Note that regenerating a key will revoke the old one and display the new credentials (including the Base64 encoded string) once.

#### Using API Keys for Authentication

To authenticate API requests using Basic Authentication:

**Option 1: Use the provided Base64 encoded string (Recommended)**

* Copy the **Base64 Encoded** value from the API key creation modal
* Include it directly in your HTTP request headers

**Option 2: Manual encoding**

1. Combine the API key and secret into a single string with the format: `key:secret`.
2. Encode this string in Base64 format.
3. Include the Base64-encoded string in your HTTP request headers as follows:

```http
Authorization: Basic {base64_string}
```

Replace `{base64_string}` with your Base64-encoded credentials. Always ensure you are making requests over HTTPS to secure your credentials.

#### How to Copy the Tenant ID and Attach It to the Header

**Step 1: Locate the Tenant ID**

* Navigate to the **API Keys** page in the application.
* Look for the **ID** displayed on the page.

**Step 2: Copy the Tenant ID**

* Click the **Copy** icon next to the ID to copy it to your clipboard.

**Step 3: Attach the Tenant ID to the Header**

* Include the Tenant ID in the header using the following format:

```http
__tenant: <YOUR TENANT ID>
```

#### 🌐 Examples for Clarity

To make it perfectly clear, we'll go through an example for creating a customer, which is typically the first use case of our API after obtaining an access token.

**Example 1: Post a customer**

Assume your access token is the string "abcdefgh". Note that tokens are a lot longer in reality.\
Let's send a POST request to `/api/public/customer`\
Depending on your programming language, framework or tool, you need to add HTTP headers as follows:

```http
Content-Type: "application/json"
Authorization: "Basic abcdefgh"
_tenant: "123456"
```

For this particular request, the **body** needs to define the customer information, these values:

```json
{
    "name": "Abdulaziz",
    "mobileNumber": "05123456789",
    "customerType": 1 // 1 for individuals, 2 for corporates
}
```

Sending this request should return a `200 OK` response. If it returns a `401 Unauthorized`, check these options:

* Make sure you formatted the access token in the headers correctly as shown above.
* The access token might have expired, since it only lasts an hour.
  * If it has expired, request a new access token.

#### Webhook Integration

For information about integrating with our webhooks system, please refer to the [webhooks](https://docs.rekaz.io/webhooks "mention") documentation file.

That is all for now. Please report any bugs or weird behavior in our API to us.