> ## Documentation Index
> Fetch the complete documentation index at: https://developers.circle.com/llms.txt
> Use this file to discover all available pages before exploring further.

# CPN integration concepts

This page discusses key concepts for integrating with CPN. Understanding these
concepts can help you integrate with CPN more effectively.

## Authentication

CPN authenticates your API requests using a unique key associated with your
account. All authentication is performed in the HTTP header of requests to the
API. If a key is not provided, or an incorrect key is provided, the API returns
a `401 - Invalid Credentials` error. All requests must use HTTPS; the API
rejects any requests using plain HTTP.

Circle provides API keys for authentication with the CPN API. These keys are
provided manually during onboarding. The following is an example of how to set
up the authentication header:

```shell Shell theme={null}
curl --location --request GET 'https://api.circle.com/v1/cpn/payments' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer {YOUR_API_KEY}'
```

### Security notes

* Your API key provides full access to the CPN API, so make sure they are stored
  securely. They should never be exposed in public repositories and they should
  only be shared within your organization using secure methods. As a best
  practice, you should rotate your API keys periodically.
* When setting up your API key with Circle, you can request that only certain IP
  addresses be allowed to make API calls using the key. Talk to your Circle
  representative about establishing an IP allowlist for your API key.
* You should ensure that API requests are always made over TLS/encrypted
  connections to prevent the exposure of your key.
* For webhook subscriptions, you must provide an HTTPS endpoint, and validate
  the signature with Circle-provided public keys.

## Idempotency

For endpoints that create transactions and payments, CPN requires an idempotency
key to be included in the request body. The idempotency key must be in the UUID
∂v4 format. This allows the API to identify if a repeated request is unique or
duplicate, and prevent unintended duplicate transactions.

To generate an idempotency key, use a UUID generator in your selected
programming language. Generated UUIDs can then be passed to the API as
idempotency keys.
