> ## Documentation Index
> Fetch the complete documentation index at: https://docs.exec.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Create and use API keys to authenticate requests

All API requests require authentication using an API key. Keys are created in your workspace settings and provide full admin access to your workspace data.

## Creating an API Key

<Steps>
  <Step title="Navigate to Settings > API">
    From your workspace, click on **Settings** in the sidebar, then select **API**.
  </Step>

  <Step title="Click Create API Key">
    Click the **Create API Key** button to open the creation dialog.
  </Step>

  <Step title="Enter a descriptive name">
    Give your key a name that identifies its purpose, like "Production Integration" or "Analytics Dashboard".
  </Step>

  <Step title="Copy your key immediately">
    Your API key will be displayed **only once**. Copy it and store it securely before closing the dialog.
  </Step>
</Steps>

<Warning>
  API keys are shown only at creation time. If you lose a key, you'll need to create a new one.
</Warning>

## Using Your API Key

Include your API key in the `Authorization` header of every request:

```bash theme={null}
Authorization: Bearer exec_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

### Example Request

```bash theme={null}
curl -X GET "https://api.exec.com/rest/v1/workspace" \
  -H "Authorization: Bearer exec_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```

## Key Format

API keys follow this format:

* **Prefix**: `exec_live_`
* **Body**: 40 alphanumeric characters
* **Example**: `exec_live_aB3dE5fG7hI9jK1lM3nO5pQ7rS9tU1vW3xY5zA7b`

## Managing Keys

### Viewing Keys

In **Settings > API**, you'll see a table of all your API keys showing:

* Key name
* Last 4 characters (for identification)
* Status (Active/Inactive)
* Creation date
* Last used timestamp

### Deactivating a Key

If a key is compromised or no longer needed:

1. Click the **...** menu on the key row
2. Select **Deactivate**

Deactivated keys are immediately rejected. You can reactivate them later if needed.

### Deleting a Key

To permanently remove a key:

1. Click the **...** menu on the key row
2. Select **Delete**

<Warning>
  Deleting a key is permanent and cannot be undone. Any integrations using the key will stop working immediately.
</Warning>

## Security Best Practices

<CardGroup cols={2}>
  <Card title="Never commit keys to code" icon="code">
    Use environment variables or secrets management
  </Card>

  <Card title="Use descriptive names" icon="tag">
    Name keys by purpose so you know what to revoke
  </Card>

  <Card title="Rotate keys periodically" icon="rotate">
    Create new keys and deactivate old ones regularly
  </Card>

  <Card title="Limit access" icon="lock">
    Only share keys with systems that need them
  </Card>
</CardGroup>

## Error Responses

| Status | Error                        | Cause                                 |
| ------ | ---------------------------- | ------------------------------------- |
| `401`  | Missing Authorization header | No `Authorization` header provided    |
| `401`  | Invalid or inactive API key  | Key is wrong, deactivated, or deleted |
| `403`  | Workspace is inactive        | Your workspace has been disabled      |
