Most APIs in this integration require authentication. The only exception is the `/orders/pay` API, which does not require any authentication and can be safely done from the browser as well.

**Standard authentication**

• The standard authentication uses two specific headers `x-client-id` and `x-client-secret`. Please pass your `appId` and `secretKey` in these fields. (see screenshot below to access these from dashboard)

• Please ensure that your secret key is securely placed and cannot be accessed by anyone.

• Also never call any API which requires authentication from the client as that would require you to expose the secret key to the client.

Below is a curl request which shows how to pass these headers in the API call.