# Projects & API Keys

Once you create a Picket account, you can view your [account dashboard](https://picketapi.com/dashboard). To start developing with Picket, you'll need to create a project. You can think of a project as an application that you are going to use with Picket. Every account is created with an initial project, named `My First Project`, to help you get started!

### API Keys

Each project comes with a set of API keys that you must use to authorize your requests when interacting with the Picket API. Request without an API key will result in an error.

There are two types of API keys

* *Publishable keys*: These keys are used client-side and are meant for client-side libraries, like [picket-js](https://www.npmjs.com/package/@picketapi/picket-js). &#x20;
* *Secret keys*: As the name suggests, these must be kept secret. They are meant for server-side libraries, like [picket-node](https://www.npmjs.com/package/@picketapi/picket-node)

Authorization to the API is performed via [HTTP Basic Auth](http://en.wikipedia.org/wiki/Basic_access_authentication). Provide your API key as the basic auth username. You do not need to provide a password. API Authorization is handled for you in any of Picket's SDKs.

{% tabs %}
{% tab title="Curl" %}

```shell
curl https://picketapi.com/v1/{any_endpoint}
    -u YOUR_SECRET_KEY
```

{% endtab %}

{% tab title="Javascript" %}

```typescript
import Picket from "@picketapi/picket-js"
const picket = new Picket('YOUR_PUBLISHABLE_KEY_HERE')
```

{% endtab %}
{% endtabs %}

### Redirect URIs

Each project also has an associated list of *whitelisted* *redirect URIs*. Redirect URIs are part of the OAuth 2.0 standard and are validated as part of the client-side [auth flow](https://docs.picketapi.com/picket-docs/reference/concepts/auth-flow). &#x20;

Redirect URIs ensure that only your project (aka "client" or "application") can use the project's publishable key to authorize users. If you are testing out Picket locally at `http://localhost:3000/,` you can add `http://localhost:3000/` as a redirect URI to your project.&#x20;

{% hint style="info" %}
Notice the training slash in `http://localhost:3000/.`Trailing slashes matter in redirect URIs. If you want to ignore trailing slashes, add both `http://localhost:3000` and `http://localhost:3000`  to the project redirect URIs.
{% endhint %}

{% hint style="danger" %}
Only use trusted domains for production projects! Do not allow `http://localhost:3000` for a production application.
{% endhint %}