> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flokitai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the FloKit API.

**Base URL:** `https://api.flokit.ai`

All API requests require an API key passed as a Bearer token in the `Authorization` header.

```
Authorization: Bearer $FLOKIT_API_KEY
```

**Example:**

```bash theme={null}
curl -H "Authorization: Bearer $FLOKIT_API_KEY" \
  https://api.flokit.ai/v1/workspace
```

***

## API keys

Keys are workspace-scoped. Find existing keys or create new ones in **FloKit → Settings → API Keys**.

### Key types

| Type           | Permissions                                                                       |
| -------------- | --------------------------------------------------------------------------------- |
| **Read-only**  | Access reports, inspect events, list integrations                                 |
| **Read-write** | All read permissions plus: send events, trigger syncs, approve and reject actions |

Use read-only keys for reporting pipelines and dashboards. Use read-write keys only in trusted server-side contexts.

***

## Error responses

**401 Unauthorized** — API key is missing or invalid.

```json theme={null}
{
  "error": "unauthorized",
  "message": "Invalid or missing API key"
}
```

**403 Forbidden** — API key is valid but lacks the required permission for the operation (e.g. a read-only key attempting to send events).

```json theme={null}
{
  "error": "forbidden",
  "message": "This operation requires a read-write key"
}
```

***

## Security

* Store API keys in environment variables or a secrets manager (AWS Secrets Manager, GCP Secret Manager, Doppler, etc.).
* Never commit API keys to version control.
* Rotate keys in **FloKit → Settings → API Keys**. After rotation, the previous key is immediately invalidated.
* Use separate keys per environment (production vs. staging) to prevent test traffic from entering production data.
