> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bondio.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate requests to the Bondio API with API keys

Authentication in Bondio's API happens through static API keys. Your organisation account with Bondio will have two environments — **test** & **prod**. Each environment has its own set of keys.

<Warning>
  **Security:** An API key provides full access to all the data in a project. Please keep your API key secret at all times, don't hardcode it in code repositories, and don't share it with others.
</Warning>

## Generating an API key

API keys can be generated from the Bondio portal by following these steps:

1. Go to the **developers** section on the sidebar
2. Click **New key** at the top right
3. Carefully copy the key from the display popup

<Note>
  You can only ever view the full key in plain text at the time of creation. If your key gets misplaced or you couldn't copy it, you will need to delete the existing key on the portal and generate a new one.
</Note>

## Using an API key

Your API key is used as a Bearer token in the `Authorization` header of your request, for example:

```bash theme={null}
curl --request "GET" \
  --url "https://api.bondio.co/v1/plans" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer ${API_KEY}"
```

## API key error

If the API key is missing or invalid, you will receive a `401` HTTP response code. Here is a sample response:

```json theme={null}
{
  "code": "Unauthorised",
  "message": "Invalid authorization token",
  "docUrl": "https://docs.bondio.co/authentication"
}
```
