> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ardie.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate your API requests

## Bearer Token Authentication

All API requests require authentication using a Bearer token in the `Authorization` header.

```bash theme={null}
Authorization: Bearer YOUR_API_KEY
```

## Making Authenticated Requests

Include your API key in every request:

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://api.ardie.ai/kb/{kb_id}/query \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"query": "Your question here"}'
  ```

  ```python Python theme={null}
  import requests

  headers = {
      "Authorization": "Bearer YOUR_API_KEY",
      "Content-Type": "application/json"
  }

  response = requests.post(
      "https://api.ardie.ai/kb/{kb_id}/query",
      headers=headers,
      json={"query": "Your question here"}
  )
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.ardie.ai/kb/{kb_id}/query', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ query: 'Your question here' })
  });
  ```
</CodeGroup>

## Key Scoping

Each API key is scoped to a **single knowledge base**. This means:

* You can only query the knowledge base the key was issued for
* Attempting to query a different knowledge base returns `403 Forbidden`
* If you have access to multiple knowledge bases, you'll have separate keys for each

## Authentication Errors

| Status Code        | Error                | Description                                        |
| ------------------ | -------------------- | -------------------------------------------------- |
| `401 Unauthorized` | `missing_api_key`    | No Authorization header provided                   |
| `401 Unauthorized` | `invalid_api_key`    | The API key is malformed or doesn't exist          |
| `403 Forbidden`    | `key_scope_mismatch` | The key doesn't have access to this knowledge base |
| `403 Forbidden`    | `key_revoked`        | The API key has been revoked                       |

**Example error response:**

```json theme={null}
{
  "error": "invalid_api_key",
  "message": "The provided API key is invalid or has been revoked."
}
```

## Security Best Practices

<Warning>
  Never expose your API key in client-side code, public repositories, or logs.
</Warning>

<Steps>
  <Step title="Use Environment Variables">
    Store keys in environment variables:

    ```bash theme={null}
    export ARDIE_API_KEY="ardie_sk_live_..."
    ```
  </Step>

  <Step title="Server-Side Only">
    Make API calls from your backend, never from browsers or mobile apps.
  </Step>

  <Step title="Rotate if Compromised">
    If a key is exposed, revoke it immediately from your Dashboard and generate a new one.
  </Step>
</Steps>

## Next Steps

<CardGroup cols={2}>
  <Card title="Query Endpoint" icon="terminal" href="/api-reference/endpoints/query">
    Start querying knowledge bases
  </Card>

  <Card title="Rate Limits" icon="gauge" href="/api-reference/rate-limits">
    Understand usage limits
  </Card>
</CardGroup>