# Secure your mock APIs Now that Mocklets APIs are being used in production environment to manage Application Configuration and experiment with new features, there is a need to secure the APIs against unauthorized use. Collections have a Private key associated to them. You will find it in Auth Credentials in Collection Settings dialog. ![](/files/-LszMlCsL7faK8mxked2) To set an API as secured, just select the option **Mark API as Secure** in API settings. ![](/files/-LszN7EGBOyKqK3R1-W8) That's it, your API is now secure! \ Now all the unauthorized requests to the above API will start failing. ### Making Authorized requests Once your API is set as secured, you cannot connect to it through unauthorized requests. In order to make an authorized request, you need to provide Auth headers with your requests. ```yaml X-Mocklets-PublicKey : PUBLIC_KEY X-Mocklets-Checksum : b2b449452e99c7804585021971fb7a84 ``` **X-Mocklets-PublicKey**\ Public key is a string value used by client system to create the checksum. Public key is created by the client. **X-Mocklets-Checksum**\ To generate checksum, you have to create **MD5 hash** string for **Public key (**provided in X-Mocklets-PublicKey header**)** and **Private key** (from Mocklets collection settings) pair. ``` checksum = MD5_HASH(PUBLIC_KEY : PRIVATE_KEY) ``` Please refer the following code snippets to generate MD5 Hash. {% tabs %} {% tab title="Java" %} ```java import java.nio.charset.StandardCharsets; import java.security.MessageDigest; . . String plainText = PUBLIC_KEY + ":" + PRIVATE_KEY; MessageDigest md = MessageDigest.getInstance("MD5"); byte[] hashInBytes = md.digest(password.getBytes(StandardCharsets.UTF_8)); StringBuilder builder = new StringBuilder(); for (byte bt : hashInBytes) { builder.append(String.format("%02x", bt)); } String checksum = builder.toString(); ``` {% endtab %} {% tab title="Kotlin" %} ```kotlin import java.security.MessageDigest . . val plainText = PUBLIC_KEY + ":" + PRIVATE_KEY val bytes = MessageDigest.getInstance("MD5").digest(plainText.toByteArray()) val builder = StringBuilder() for (bt in bytes) { builder.append(String.format("%02x", b)) } val checksum = builder.toString() ``` {% endtab %} {% tab title="JavaScript" %} ```javascript const md5 = require('md5'); . . const checksum = md5(PUBLIC_KEY + ':' + PRIVATE_KEY); ``` {% endtab %} {% tab title="Python" %} ```python import hashlib . . md5 = hashlib.md5() md5.update(PUBLIC_KEY + ":" + PRIVATE_KEY) checksum = m.hexdigest() ``` {% endtab %} {% endtabs %} You can also use online MD5 hash generator tools to create checksum value. One such tools is [**https://www.md5online.org**](https://www.md5online.org). ![online MD5 generator](/files/-Lt0sacy-9NPI1WHcoeU) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mocklets.com/secure-your-apis.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.