# API Authorization
> The `Niro` has two types of route authorization, with the `master key` and the `private key`.
* `Master Key` Main key accessed through `process.env.MASTER_KEY`.
* `Private Key`Private key generated by the user.
{% hint style="info" %}
All routes in the system are protected by authorization middleware.
{% endhint %}
## Accessing protected route
> You need to provide the `authorization` header to enter the value of the `maste key`.
{% hint style="warning" %}
You must provide some security header. If you choose to provide your private key, enter the three headers that are required. By sending the private key, the**`authorization`** header does not need to be entered.
{% endhint %}
Example routing with `authorization` header:
## Get All Users
`GET` `http://localhost:4000/api/users`
Returns all registered users.
#### Headers
| Name | Type | Description |
| ----------------------------------------------- | ------ | -------------- |
| authorization\* | String | Security Field |
| key\_tag | String | Security Field |
| key\_secret | String | Security Field |
| key\_value | String | Security Field |
{% tabs %}
{% tab title="200: OK " %}
```json
{
"id": "{STRING}",
"username": "{STRING}"
}
```
{% endtab %}
{% endtabs %}
Example of routing with `private key` headers:
## Get All Users
`GET` `http://localhost:4000/api/users`
Returns all registered users.
#### Headers
| Name | Type | Description |
| --------------------------------------------- | ------ | -------------- |
| authorization | String | Security Field |
| key\_tag\* | String | Security Field |
| Key\_secret\* | String | Security Field |
| key\_value\* | String | Security Field |
{% tabs %}
{% tab title="200: OK " %}
```json
[
{
"id": "{STRING}",
"username": "{STRING}"
}
]
```
{% endtab %}
{% endtabs %}