# Introduction

The DFend API follows [REST](http://en.wikipedia.org/wiki/Representational_State_Transfer) conventions, with resource-oriented URLs that accept and return [JSON-encoded](http://www.json.org/) data. It uses standard [HTTP response codes](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes) and [methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods).&#x20;

## Authentication

You will authenticate requests by including an API key in the <mark style="color:green;">**`x-api-key`**</mark> header. Your account comes with two types of keys. Here's how you'll use them.

{% hint style="info" %}
Found in **Dashboard** under [Settings > Keys.](https://dashboard.dfend.app/dashboard/setup/api-keys)
{% endhint %}

### Publishable key

You will use your **publishable** API key to send signals from a website or app (an untrusted environment)**.** When using JavaScript, you can use our [JS SDK](https://dfend.gitbook.io/documentation/developer-api/js-sdk) for convenienc&#x65;**.**

### **Secret key**

You will use your **secret** API key to send signals from a server (a trusted environment). Certain extra functionality and expanded data is available when using this type of key.

### In use

Always include the correct API key in the <mark style="color:green;">**`x-api-key`**</mark> header when sending requests to our API.

#### Example (Node.js)

```typescript
import fetch from 'isomorphic-fetch';

const apiUrl = 'https://api.dfend.app';

const headers = {
  Accept: 'application/json',
  'Content-Type': 'application/json',
  'X-Api-Key': process.env.DFEND_SECRET_KEY
};

const post = async (endpoint, data = {}) => {
  const res = await fetch(`${apiUrl}/${endpoint}`, {
    method: 'POST',
    body: JSON.stringify(data),
    credentials: 'omit',
    headers
  });
  return res.json();
};

const createIdentity = (data = {}) => {
  return post('identity', data);
};

try {
  const { id, created, merged } = await createIdentity({
    userId: 'PU4ME2B68N8K6xz0Ku0BQ',
    name: 'Jane Doe',
    email: 'jane@yourdomain.com',
    phone: '+15435551234',
    merge: true,
    metadata: {
      test: true
    }
  });
  console.log('[DFend] identity created:', id);
  // You can now send signals to DFend with the Identity ID or user ID.
} catch (e) {
  console.error(e);
}
```

<br>