> ## Documentation Index
> Fetch the complete documentation index at: https://unkey.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Local development

> Test your application's Principal header handling locally without running a Sentinel. Mock the identity object for local development and testing.

<Info>
  Unkey Deploy is in public beta. To try it, open the product switcher in the
  top-left of the dashboard and select **Deploy**. During beta, deployed
  resources are free. We're eager for feedback, so let us know what you think
  on [Discord](https://unkey.com/discord), [X](https://x.com/unkeydev), or
  email [support@unkey.com](mailto:support@unkey.com).
</Info>

The [Principal](/platform/sentinel/principal/overview) is plain JSON with no encryption or signing. During local development, you can set the `X-Unkey-Principal` header yourself to test your application's authentication handling without running a Sentinel.

<Warning>
  The `X-Unkey-Principal` header has no cryptographic signature. When you deploy to Unkey, the Sentinel always sits in front of your app and strips any client-supplied header before setting its own. Traffic cannot reach your API without going through the Sentinel, so forged headers are not a concern.

  If you self-host or expose your app through other infrastructure (direct port-forward, misconfigured ingress, or similar), anyone who reaches it directly can forge the header. Never expose your app to untrusted traffic without a Sentinel in front of it.
</Warning>

## Send a Principal with curl

Pass the Principal as a JSON string in the header:

```bash theme={"theme":"kanagawa-wave"}
curl http://localhost:8080/api/resource \
  -H 'X-Unkey-Principal: {"version":"v1","subject":"test_user","type":"API_KEY","source":{"key":{"keyId":"key_test","keySpaceId":"ks_test","meta":{},"roles":["admin"],"permissions":["api.read","api.write"]}}}'
```

## Use a Principal file

For repeated testing, store the Principal in a file and reference it. This keeps your curl commands readable and makes it easy to switch between test scenarios.

```bash theme={"theme":"kanagawa-wave"}
cat > principal.json << 'EOF'
{
  "version": "v1",
  "subject": "test_user",
  "type": "API_KEY",
  "identity": {
    "externalId": "test_user",
    "meta": { "plan": "pro" }
  },
  "source": {
    "key": {
      "keyId": "key_test",
      "keySpaceId": "ks_test",
      "meta": {},
      "roles": ["admin"],
      "permissions": ["api.read", "api.write"]
    }
  }
}
EOF

curl http://localhost:8080/api/resource \
  -H "X-Unkey-Principal: $(cat principal.json | jq -c)"
```