# Access keys for basic authentication

If you're using basic authentication (also known as server-to-server or S2S), Pismo provides you with an encryption key pair—a server key and a server secret. These are the credentials your client applications will use to connect to the Pismo platform.

* **Server key** (`server_key`)—identifies and authenticates your server (public identifier)
* **Server secret** (`server_secret`)—used to prove identity (must remain confidential)

If you're a Control Center administrator, you can list all access keys related to your organization, create new keys, or deactivate keys from the **Access keys** screen.

> 📘 Dual approval
>
> If your company is using the dual approval feature (beta release), creating or deactivating an access key requires approval. With dual approval, you initiate the change and submit a request for approval. A second person must review and approve it. The change doesn't take effect until the request is approved.
>
> If you don't create an access key within 24 hours of approval, the approval expires and you must request approval for a new access key.
>
> For more information about dual approval, refer to [Dual approval](https://developers.pismo.io/pismo-docs/docs/dual-approval).

To create access keys:

1. From the main menu, select **Users & permissions** > **Access keys**.

2. On the **Access keys** screen, select **Create key** to generate a new key pair.\
   Note: you can only create access keys during business hours of the timezone defined for the environment. A highlighted message is displayed across the top of the screen if you are working outside of the defined environment's work hours.

3. Select **Copy credentials** to copy the keys to your computer's clipboard.

> 🚧
>
> The credentials are displayed only once. Store them in a safe place for later reference. If you lose them, you must generate a new pair.

To deactivate an existing access key:

1. From the main menu, select **Users & permissions** > **Access keys**.
2. On the **Access keys** screen, find the key you want to deactivate and slide the status indicator to the left to switch from **Active** to **Deactivated**.
3. A warning dialog displays to indicate that deactivating the access key is permanent and the key cannot be reactivated. If you need access again, you will need to create a new key. To continue to deactivate the key, select **Deactivate key**.

For more information about Control Center security, refer to [Security guide for Control Center](https://developers.pismo.io/pismo-docs/docs/security-guide-for-control-center).