> ## Documentation Index
> Fetch the complete documentation index at: https://docs.asisso.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate requests to the Asisso API

## API key authentication

API keys are the recommended way to authenticate programmatic requests. Pass your key in the `X-API-Key` request header.

```bash theme={null}
curl https://app.asisso.com/api/v1/workflow/fetch \
  -H "X-API-Key: as_your_api_key"
```

API keys are scoped to an organization. All resources created or accessed using a key belong to that organization.

### Create an API key

Create keys in the dashboard at [`app.asisso.com/api-keys`](https://asisso.com/app/api-keys). The full key is shown **only once** at creation time — store it immediately in a secrets manager or environment variable.

### Manage API keys

| Action         | Method   | Path                                     |
| -------------- | -------- | ---------------------------------------- |
| List keys      | `GET`    | `/user/api-keys`                         |
| Create key     | `POST`   | `/user/api-keys`                         |
| Archive key    | `DELETE` | `/user/api-keys/{api_key_id}`            |
| Reactivate key | `PUT`    | `/user/api-keys/{api_key_id}/reactivate` |

Archiving a key immediately revokes it. All subsequent requests using that key return `401`.

***

## Error responses

| Status             | Cause                                                           |
| ------------------ | --------------------------------------------------------------- |
| `401 Unauthorized` | Missing, invalid, or expired credentials                        |
| `403 Forbidden`    | Valid credentials but insufficient permissions for the resource |

```json theme={null}
{
  "detail": "Invalid or expired API key"
}
```
