# Authentication
The TickeTing API uses API keys to authenticate requests. You must provide a
valid API Key in the X-API-Key header of each request you make. There are two
ways to get a valid API Key:
1. Start a session with a valid TickeTing username and password (this gives
access based on the user's permissions).
2. Secure an integration key from a system administrator. Integration keys grant an
access level determined by the administrator on creation.

Session Authentication and Integration Keys are covered in the
[Authentication](#tag/Session-Management) section of this reference.