> **Source:** https://knowledge.leegality.com/document-execution/api/authentication > **Site:** Leegality Knowledge Base — https://knowledge.leegality.com > **About:** Leegality is a document execution platform covering eSigning, stamps, NeSL, workflows, and REST API integration. > **Navigation:** Every article on this site has a plain-text version at `.txt` (this format). To get an index of all articles with their `.txt` links, read: https://knowledge.leegality.com/llms.txt > **AI Guide:** For instructions on how to navigate this knowledge base as an AI agent, read: https://knowledge.leegality.com/ai-readable.txt --- # Authentication The Auth Token authenticates all API requests to Leegality. This section explains how to generate the token from your dashboard. When you enable the API, you receive two credentials: 1. **Auth Token**: Required in the `X-Auth-Token` header for all API requests 2. **Private Salt**: Used to verify webhook authenticity via HMAC-SHA1 signature. Learn more about [webhooks](https://knowledge.leegality.com/document-execution/api/webhooks/webhook-event-types) 1. Log in to your Leegality Dashboard - **Production:** https://dashboard.leegality.com - **Sandbox:** https://sandbox-dashboard.leegality.com 2. Click the **Settings** ⚙️ icon in the top right corner 3. Navigate to **Settings > API** from the left panel 4. Click the **Enable API** button to generate your credentials. 5. Click the **Copy** icon next to **Auth Token** > **Info — Environment Separation** > > Sandbox and Production have separate *auth token* and *private salt*. ## Using Your Auth Token Include `X-Auth-Token` and `Content-Type` headers in every API request: ```bash curl --location 'https://app1.leegality.com/api/v3.0/sign/request' \ --header 'X-Auth-Token: your_auth_token_here' \ --header 'Content-Type: application/json' \ --data '{}' ``` > **Warning** > > Do not use an `Authorization: Bearer` header — Leegality uses `X-Auth-Token` exclusively. Including both will cause authentication to fail.