# Registration & Authentication

### Registration

Access to Vaultera PCI is only available by demand. Please, contact us via <sales@vaultera.co> to get your account. We provide a free trial for any system.

If you are a developer and wish to test please get in touch, the process is simple. We cannot provide self signup since it is a sensitive service.

### Authentication

#### API Key Authentication

After registration, you will receive `Master API Key`, which you can use as sign for your requests to our API.

To sign request by API Key, you should pass it as a GET argument into your query:

```
GET https://pci.vaultera.co/api/v1/api_keys?api_key={YOUR_API_KEY}
```

{% hint style="warning" %}
**MASTER API KEY NOTE**

We strongly recommend that you don’t use the **Master API Key** for testing, development or production environments. Instead, you should generate a **Second API Key** (count is not limited) via our API Key methods and use that.

If your **Second API Key** will be compromised, you can revoke it and generate a new one.
{% endhint %}

#### Session Token Authentication

Embedded operations such as Show card iframe or Card capture iframe use a `Session Token` to handle authorization. `Session Token` is a one-off key to perform an operation at your account.

We use a `Session Token` with embedded operations to prevent any potentials leaks, because the Embedded operations key is visible to the end client.

Read more about Session Tokens here.