# Security

Access to the HANK AutoCoder API is secured by three layers working together:

- **Firewall** — network-level protection in front of the service.
- **SSL** — every request is made over an encrypted TLS connection.
- **API key** — a per-customer <Term slug="api-key">API key</Term> is provided to each customer per API. The key enables **multi-tenancy per request**, isolating your data from every other customer on each call.

The key is sent in the `x-api-key` request header:

```http
x-api-key: <your-api-key>
```

| Field | Value |
| --- | --- |
| API Key header | `x-api-key` |
| API Key value | to be provided |

Your API key value is provisioned per customer — contact your Hank.ai representative to obtain one. Treat it like a password: keep it server-side and never commit it to source control.
