# Authentication

> Pass an HTTP Bearer token on every Runflow API request.

Every Runflow API request needs an `Authorization: Bearer <token>` header. Requests without a valid token return `401 Unauthorized`.

## Header

```http theme={"dark"}
Authorization: Bearer YOUR_API_KEY
```

## Get a key

1. Sign in at [app.runflow.io](https://app.runflow.io/settings/api-keys).
2. Open **Settings -> API Keys**, click **Create**.
3. Copy the token. It is shown once.
4. Save it as `RUNFLOW_API_KEY` in your secret manager.

## Example

```bash theme={"dark"}
export RUNFLOW_API_KEY="your_token_here"

curl https://api.runflow.io/v1/auth/me \
  -H "Authorization: Bearer $RUNFLOW_API_KEY"
```

A `200` with your account payload confirms the key works.

## Rotate

Compromised key? Revoke it from the dashboard, create a new one, deploy. No downtime if you keep both keys live during cutover.

## Best practices

* Read the token from an env var or secret manager. Never commit it.
* Use distinct keys per environment so a leak in staging cannot touch prod.
* Call the API from your backend, not the browser.
* Watch for `401` spikes. They usually mean a leaked or rotated key.
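
The practices above as a preflight check for a deploy script. This is an added example, not Runflow tooling. The function names and exit codes are this example's own, and it assumes curl 7.55.0 or later for `-H @-`, which reads the header from stdin so the token stays out of the process list.

```bash
# Added example, not Runflow tooling. Function names and exit codes are assumptions.
# Endpoint is the one used on this page; override RUNFLOW_AUTH_URL for a test double.
RUNFLOW_AUTH_URL="${RUNFLOW_AUTH_URL:-https://api.runflow.io/v1/auth/me}"

# Print the HTTP status returned for $RUNFLOW_API_KEY, "000" if the request
# itself failed, or "missing" if the variable is empty or unset.
# The header is written by the printf builtin and read by curl from stdin
# (-H @-), so the token never appears in the argv of any process.
runflow_key_status() (
  [ -n "${RUNFLOW_API_KEY:-}" ] || { echo "missing"; exit 0; }
  printf 'Authorization: Bearer %s\n' "$RUNFLOW_API_KEY" |
    curl --silent --output /dev/null --max-time 10 \
         --write-out '%{http_code}' -H @- "$RUNFLOW_AUTH_URL" || true
)

# Exit codes: 0 key accepted, 1 key rejected (401), 2 key not set, 3 anything else.
# Messages go to stderr and never include the token.
runflow_key_check() (
  code=$(runflow_key_status)
  case "$code" in
    200)     exit 0 ;;
    401)     echo "RUNFLOW_API_KEY rejected (401): revoked, rotated or mistyped" >&2
             exit 1 ;;
    missing) echo "RUNFLOW_API_KEY is not set; load it from your secret manager" >&2
             exit 2 ;;
    *)       echo "unexpected status from $RUNFLOW_AUTH_URL: $code" >&2
             exit 3 ;;
  esac
)

# Usage in a deploy step, before switching traffic to a newly issued key:
#   runflow_key_check || exit $?
```
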

## Related

<CardGroup cols={2}>
  <Card title="Errors" icon="triangle-exclamation" href="/concepts/errors">Status codes and the error envelope.</Card>
  <Card title="Get started" icon="rocket" href="/quickstart">Make your first authenticated call.</Card>
</CardGroup>
