> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dualentry.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate DualEntry Public API requests with an API key sent in the X-API-KEY header, including how to generate, rotate, and revoke keys.

All API requests must include an API key in the `X-API-KEY` header.

## How it works

1. Your administrator generates an API key from the DualEntry dashboard
2. Include the API key in the `X-API-KEY` header with every request
3. The API validates the key and authorizes access to your organization's data

## Example request

```bash theme={null}
curl https://api.dualentry.com/public/v1/invoices \
  -H "X-API-KEY: your_api_key_here" \
  -H "Content-Type: application/json"
```

## Getting an API key

API keys are provisioned exclusively by your organization's DualEntry administrator. Contact them to request one.

Once you receive your key, store it securely in your application. The key is shown only once at creation time and cannot be retrieved later.

<Warning>
  **Security**: Never expose API keys in client-side code, public repositories, or logs. Use environment variables or secure secret management services.
</Warning>

## Authentication errors

| Status Code | Meaning                    | Solution                                  |
| ----------- | -------------------------- | ----------------------------------------- |
| **401**     | Missing API key            | Include `X-API-KEY` header                |
| **403**     | Invalid or revoked API key | Verify your API key is correct and active |

**Error Response:**

```json theme={null}
{
  "success": false,
  "errors": {
    "__all__": ["API key authentication failed"]
  }
}
```

## Best practices

* Store API keys in environment variables or secret management services
* Use separate API keys for development and production environments
* Rotate keys regularly for enhanced security
* Never commit API keys to version control

***

**Next:** [Learn about Rate Limiting →](./rate-limiting)
