> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nxos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> API key management and request authentication.

Every request to the Nxos API must include an API key. Keys are scoped to a single organization and carry full access to that organization's resources.

## Obtaining an API key

API keys are created in the [Nxos dashboard](https://app.nxos.io). Each key is shown once at creation time — store it securely. If you lose a key, revoke it and create a new one.

Keys follow the format:

```
nxos_sk_live_...   # production
nxos_sk_test_...   # sandbox
```

## Authenticating requests

Pass your API key as a Bearer token in the `Authorization` header:

```bash theme={null}
curl https://api.sandbox.nxos.io/v1/accounts \
  -H "Authorization: Bearer nxos_sk_test_abc123..."
```

Every authenticated response includes a `requestId` in error bodies. Quote this ID when contacting support.

## Error responses

Missing or invalid keys return a `401` status:

```json theme={null}
{
  "error": {
    "code": "invalid_api_key",
    "message": "The provided API key is invalid.",
    "requestId": "req_abc123"
  }
}
```

| Error code              | Meaning                                                           |
| ----------------------- | ----------------------------------------------------------------- |
| `missing_api_key`       | No `Authorization` header, or it doesn't start with `Bearer `.    |
| `invalid_api_key`       | The key doesn't exist or has been revoked.                        |
| `authentication_failed` | Key verification failed due to a server error. Retry the request. |

## Security recommendations

* Never embed API keys in client-side code. They should only be used server-to-server.
* Use sandbox keys (`nxos_sk_test_...`) during development. They cannot access production resources.
* Rotate keys periodically. You can have multiple active keys per organization.
* Revoke compromised keys immediately from the dashboard.
