# Encryption key (auth\_key)

To secure the authentication process, the data exchanged between the **APP** and the **PKSA** will be encrypted using an encryption key (`auth_key`). By encrypting these data, the **HAS** will be unaware of what's going on between the **APP** and the **PKSA** and unable to tamper with the authentication process.

Before initiating the authentication process, the **APP** must create an `auth_key` for each account it manages.&#x20;

The `auth_key` can be any **string**. However, we recommend using a [uuid](https://en.wikipedia.org/wiki/Universally_unique_identifier)  each time you generate a new `auth_key` to strengthen security.

{% hint style="info" %}
This `auth_key` should be stored by the **APP** if it plans to perform transactions later.
{% endhint %}

{% hint style="info" %}
Each account managed by the APP should use a different `auth_key`.
{% endhint %}

{% hint style="info" %}
The **APP** should create a **new** `auth_key` **each time it authenticates** **an account** and should never reuse it for another authentication.
{% endhint %}

For the **PKSA** to be able to decrypt the payload sent to it by the **APP**, the **APP** will have to share it with the **PKSA**. This can be done in two ways:

1. by embedding it in a QR code that the **PKSA** mobile app will scan
2. by encrypting it and embedding it in the `auth_req` authentication payload when running your own **PKSA** in  [Service Mode](/tutorials/pksa-code-example/service-mode.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hiveauth.com/developer-documentation/has-for-applications/encryption-key-auth_key.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.