# Authentication

The MMS API v2 uses API keys to authenticate requests. API Key is assigned to a specific gym location only and has granular
permissions. Please make sure to keep it secure!

Authentication to the MMS API v2 is performed via the custom request header `x-api-key`. You just need to provide API Key as a
value.
We force to use HTTPS only, therefore calls made over plain HTTP will fail.