# Authentication

All requests to the Quote Engine are authenticated via an API key. If a request does not contain a valid key, the Quote Engine will return a `403` error. Requests must be sent over HTTPs.

---

#### Request Headers

Your `userToken` API key should be included in the header of all requests:

<table border="1" id="bkmrk-key-value-usertoken-" style="border-collapse: collapse; width: 62.716%;"><colgroup><col style="width: 50.0618%;"></col><col style="width: 50.0618%;"></col></colgroup><tbody><tr style="background-color: rgb(250, 250, 250);"><td>**Key**</td><td>**Value**</td></tr><tr><td>`userToken`</td><td>`{apiKey}`</td></tr></tbody></table>

---

#### Environments

Your `userToken` API key is the same for both the `TEST` and `PROD` environments.