> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate with the Webacy API using API key headers, manage keys across environments, and handle rate limits for production traffic.

## API Keys

All API requests require authentication using an API key passed in the `x-api-key` header.

### Getting Your API Key

1. Visit [developers.webacy.co](https://developers.webacy.co/) to sign up
2. Generate your API key
3. Copy and securely store your key

<Warning>
  Keep your API key secure. Do not expose it in client-side code or public repositories.
</Warning>

## Using Your API Key

Include your API key in the `x-api-key` header with every request:

```bash theme={null}
x-api-key: YOUR_API_KEY
```

### Example Requests

<CodeGroup>
  ```bash cURL theme={null}
  curl -X GET "https://api.webacy.com/addresses/0x742d35Cc6634C0532925a3b844Bc454e4438f44e?chain=eth" \
    -H "x-api-key: YOUR_API_KEY"
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch(
    'https://api.webacy.com/addresses/0x742d35Cc6634C0532925a3b844Bc454e4438f44e?chain=eth',
    {
      headers: {
        'x-api-key': 'YOUR_API_KEY'
      }
    }
  );

  const data = await response.json();
  console.log(data);
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      'https://api.webacy.com/addresses/0x742d35Cc6634C0532925a3b844Bc454e4438f44e',
      params={'chain': 'eth'},
      headers={'x-api-key': 'YOUR_API_KEY'}
  )

  print(response.json())
  ```

  ```go Go theme={null}
  package main

  import (
      "fmt"
      "net/http"
      "io"
  )

  func main() {
      req, _ := http.NewRequest("GET",
          "https://api.webacy.com/addresses/0x742d35Cc6634C0532925a3b844Bc454e4438f44e?chain=eth",
          nil)
      req.Header.Set("x-api-key", "YOUR_API_KEY")

      client := &http.Client{}
      resp, _ := client.Do(req)
      defer resp.Body.Close()

      body, _ := io.ReadAll(resp.Body)
      fmt.Println(string(body))
  }
  ```
</CodeGroup>

## Authentication Errors

| Status Code | Description                                                      |
| ----------- | ---------------------------------------------------------------- |
| 401         | Missing or invalid API key                                       |
| 403         | API key lacks required permissions                               |
| 429         | Rate limit exceeded (see [Rate Limits](/essentials/rate-limits)) |

### Example Error Response

```json theme={null}
{
  "message": "Unauthorized"
}
```

## Best Practices

<Tip>
  Store your API key in environment variables, not in your code.
</Tip>

* **Rotate keys periodically** - Generate new keys and deprecate old ones on a regular schedule
* **Use separate keys** - Maintain different keys for development, staging, and production
* **Monitor usage** - Check the [API Usage](/api-reference/api-usage/get-current-api-usage) endpoint regularly
* **Revoke compromised keys** - If a key is exposed, revoke it immediately in your dashboard
* **Server-side only** - Never expose your API key in client-side code or mobile apps
