# Key Authentication with HTTP Tunnel

> Learn to secure connections with Pinggy's key-based authentication. Follow easy steps for tunnel creation, customize commands, and enhance connection security.
> Source: https://pinggy.io/docs/http_tunnels/key_auth/


# Key Authentication

Pinggy offers a mechanism for authenticating visitor connections using key-based authentication.

With key-based authentication, visitors must send an `Authorization` header with the value `Bearer <key>` on every request. Pinggy lets you set a collection of keys when you create the tunnel.

Start a tunnel with key authentication as follows:


```bash
# SSH - no install, works anywhere the ssh client is available
ssh -p 443 -R0:localhost:8000 -t free.pinggy.io k:key
```

```bash
# Pinggy CLI - install with: npm install -g pinggy (or download the binary)
./pinggy -p 443 -R0:localhost:8000 -t free.pinggy.io k:key
```


As with basic authentication, you can set multiple keys:


```bash
# SSH - no install, works anywhere the ssh client is available
ssh -p 443 -R0:localhost:8000 -t free.pinggy.io k:key1 k:key2
```

```bash
# Pinggy CLI - install with: npm install -g pinggy (or download the binary)
./pinggy -p 443 -R0:localhost:8000 -t free.pinggy.io k:key1 k:key2
```


You can customize the command here:


```bash
# HTTP tunnel forwarding localhost:8000
ssh -p 443 -R0:localhost:8000 free.pinggy.io
```


Configure more options (authentication, web debugger, custom domains, IP whitelisting, header rules) interactively at https://pinggy.io/docs/http_tunnels/key_auth/



If you run the command with the port on which your service is running, you will see output similar to the following:

![Key Authentication With HTTP Tunnel](/doc_img/key_auth_terminal.webp)


Here, you can see that the tunnel is authenticated with the key `samplekey`.

![Key Authentication With HTTP Tunnel](/doc_img/key_auth.webp)



## Allow CORS

By default, adding key authentication stops every request that lacks a proper `Authorization` header. This also interferes with CORS preflight requests, which browsers send without an `Authorization` header. To allow preflight requests through without an auth token, use the `x:passpreflight` option.

Just pass the optional `x:passpreflight` argument at the end of the command. In addition, add the `-t` option right after the ssh command.



```bash
# SSH - no install, works anywhere the ssh client is available
ssh -p 443 -R0:localhost:8000 -t free.pinggy.io k:key x:passpreflight
```

```bash
# Pinggy CLI - install with: npm install -g pinggy (or download the binary)
./pinggy -p 443 -R0:localhost:8000 -t free.pinggy.io k:key x:passpreflight
```
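
To check the key and preflight behaviour described above against your own tunnel, the following added example (not Pinggy's own code) generates a random key, prints the tunnel command from this page, and probes a tunnel URL with and without the `Authorization` header and with a CORS preflight. The function names and the `https://app.example` origin are assumptions made for illustration; the tunnel URL is whatever your own tunnel prints.

```bash
# Added example: helper functions only; nothing runs until you call them.

# 256-bit random key as 64 hex characters (safe in a header and as an argument).
gen_key() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the tunnel command from this page for a local port and one or more keys.
# Usage: tunnel_cmd 8000 "$KEY1" "$KEY2" [x:passpreflight]
tunnel_cmd() {
  local port=$1; shift
  local cmd="ssh -p 443 -R0:localhost:${port} -t free.pinggy.io"
  local arg
  for arg in "$@"; do
    case $arg in
      x:*) cmd="$cmd $arg" ;;      # option such as x:passpreflight
      *)   cmd="$cmd k:$arg" ;;    # each key becomes one k:<key> argument
    esac
  done
  printf '%s\n' "$cmd"
}

# Print the HTTP status the tunnel returns for a GET, with or without a key.
# Usage: probe_get URL [KEY]
probe_get() {
  local url=$1 key=${2-}
  if [ -n "$key" ]; then
    curl -s -o /dev/null -w '%{http_code}\n' \
      -H "Authorization: Bearer ${key}" "$url"
  else
    curl -s -o /dev/null -w '%{http_code}\n' "$url"
  fi
}

# Print the status for a CORS preflight, which carries no Authorization header.
# Usage: probe_preflight URL
probe_preflight() {
  curl -s -o /dev/null -w '%{http_code}\n' -X OPTIONS \
    -H "Origin: https://app.example" \
    -H "Access-Control-Request-Method: GET" \
    -H "Access-Control-Request-Headers: authorization" "$1"
}
```

After starting the tunnel with the printed command, compare the status from `probe_get URL` (no key), `probe_get URL wrongkey` and `probe_get URL "$KEY"`, then run `probe_preflight URL` with and without `x:passpreflight` on the tunnel. Keys passed as command-line arguments end up in shell history and the local process list, so treat them as exposed to other users of that machine.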

