> ## Documentation Index
> Fetch the complete documentation index at: https://docs.journeybee.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Journeybee API

# Authentication

All API requests require an API key sent in the `Authorization` header.

## Getting an API key

1. Log in to [app.journeybee.io](https://app.journeybee.io)
2. Go to **Settings > API Keys**
3. Click **Create API Key**
4. Choose permissions:
   * **Read** — access to GET endpoints
   * **Write** — access to POST, PATCH, and DELETE endpoints
5. Copy the key immediately — it won't be shown again

## Using your API key

Include the key in the `Authorization` header using either format:

```bash theme={null}
# Bearer format (recommended)
curl https://api.journeybee.io/v1/partners \
  -H "Authorization: Bearer YOUR_API_KEY"

# Api-Key format (also supported)
curl https://api.journeybee.io/v1/partners \
  -H "Authorization: Api-Key YOUR_API_KEY"
```

## Permissions

| Permission | Access                                                                     |
| ---------- | -------------------------------------------------------------------------- |
| **Read**   | `GET` endpoints — list and retrieve resources                              |
| **Write**  | `POST`, `PATCH`, `DELETE` endpoints — create, update, and delete resources |

A key with only **Read** permission will receive a `403 Forbidden` response on write operations.

## Rate limits

Requests are rate-limited to **500 requests per minute** per API key. Exceeding this returns a `429 Too Many Requests` response with a `Retry-After` header.

## Error responses

Missing or invalid API key:

```json theme={null}
{
  "error": {
    "code": "unauthorized",
    "message": "Authorization header is required"
  }
}
```

Insufficient permissions:

```json theme={null}
{
  "error": {
    "code": "forbidden",
    "message": "Write access is required"
  }
}
```