> ## Documentation Index > Fetch the complete documentation index at: https://help-plum.xoxoday.com/llms.txt > Use this file to discover all available pages before exploring further. # Create Your API Key Once you’ve received access to your sandbox or production account, follow these steps to generate your API key. All requests to the Xoxoday Rewards API must be authenticated. Xoxoday uses bearer authentication, where each request must include an HTTP header that includes your Client ID, Secret ID, and Access Token. The following guide explains how to generate your client ID, secret ID, and access tokens from the admin portal. ## How to Generate Your API Key 1. Log in to your Xoxoday Admin Dashboard (Sandbox or Production). 2. Go to Settings → API.\\ Chat Screenshot Aug 6 2025 3. Under the Reward API tab, click Generate Client ID. 80d03a78af63e1a2e8ce283fbc6bd6ea41cef808f8fd911923409827ace034f8 Screenshot 2025 08 17 At 4 42 34 PM 4. A pop-up will appear showing the scope of integration (Plum PRO API/Gift Card API). Click Save. Your Client ID and Secret ID will now be visible on the dashboard — copy and store them securely.\\ Chat Plum & Perks Image 5. Click on “Generate New Tokens”. C9342d005a457923658c5dd0fd254626825a116f85db4656be7c3ab349232d9d Screenshot 2025 08 06 At 4 34 40 PM 6. Confirm by clicking “Yes, Generate”. 6aa35c341ee2122be9626e8ab0fcf2e3783301ea3949bbd930cfea7b7608af3c Screenshot 2025 08 06 At 4 34 57 PM 7. Your Access & Refresh Tokens will be displayed — copy it immediately, as it will not be shown again. Chat Screenshot Aug 6 2025 (1) 8. Treat this token like a password. Keep it secure and never expose it publicly. ## Using the API Key To authenticate your API requests, include the access token in the Authorization header as a Bearer token: ```text theme={null} Authorization: Bearer ``` This header is required for all authenticated API calls to both sandbox and production environments. > Ensure that your token is kept secure and never exposed in client-side code or public repositories.