# Signing API requests

The Finqware API v1 has two base endpoints:

* <https://api.finqware.com/v1> - protected by TLS & API keys
* <https://api.finqware.com/v1s> - extra security: message signing & anti-tampering

In order to use the `v1s` endpoints, an external API consumer is required to sign a short-lived JWT with each API call and include the JWS inside an Authorization header. The signed JWT payload will include a digest (sha256) of the request, for anti-tampering protection.