> ## Documentation Index
> Fetch the complete documentation index at: https://docs.submagic.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate with the Submagic API using API keys

# Authentication

The Submagic API uses API key authentication to secure access to all endpoints. Every request must include a valid API key in the request headers.

## Getting Your API Key

<Steps>
  <Step title="Create an Account">
    Sign up for a free account at [app.submagic.co](https://app.submagic.co)
  </Step>

  <Step title="Navigate to API Settings">
    Go to your account settings and click on the "API" tab
  </Step>

  <Step title="Generate API Key">
    Click "Generate API Key" to create your unique API key
  </Step>

  <Step title="Copy and Secure">
    Copy your API key immediately - you won't be able to see it again!
  </Step>
</Steps>

<Warning>
  **Important**: Your API key will only be shown once during generation. Make
  sure to copy and store it securely. If you lose your API key, you'll need to
  regenerate a new one.
</Warning>

## API Key Format

Submagic API keys follow this format:

```
sk-[64-character-hex-string]
```

Example:

```
sk-a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456
```

## Authentication Method

Include your API key in the `x-api-key` header with every request:

```http theme={null}
x-api-key: sk-your-api-key-here
```

## Example Requests

<CodeGroup>
  ```bash cURL theme={null}
  curl -X GET "https://api.submagic.co/v1/languages" \
    -H "x-api-key: sk-your-api-key-here"
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch("https://api.submagic.co/v1/languages", {
    headers: {
      "x-api-key": "sk-your-api-key-here",
    },
  });
  ```

  ```python Python theme={null}
  import requests

  headers = {
      'x-api-key': 'sk-your-api-key-here'
  }

  response = requests.get('https://api.submagic.co/v1/languages', headers=headers)
  ```
</CodeGroup>

## API Key Security

<CardGroup cols={2}>
  <Card title="Keep It Secret" icon="eye-slash">
    Never expose your API key in client-side code, public repositories, or logs
  </Card>

  <Card title="Use Environment Variables" icon="server">
    Store your API key in environment variables, not in your source code
  </Card>
</CardGroup>

## Best Practices

### Environment Variables

Store your API key in environment variables:

<CodeGroup>
  ```bash .env theme={null}
  SUBMAGIC_API_KEY=sk-your-api-key-here
  ```

  ```javascript Node.js theme={null}
  const apiKey = process.env.SUBMAGIC_API_KEY;
  ```

  ```python Python theme={null}
  import os
  api_key = os.getenv('SUBMAGIC_API_KEY')
  ```
</CodeGroup>

### Server-Side Only

<Warning>
  Never use your API key in client-side JavaScript, mobile apps, or any publicly
  accessible code. API keys should only be used from your secure backend
  servers.
</Warning>

### Key Rotation

To regenerate your API key:

1. Generate a new API key from your dashboard
2. Update your applications with the new key
3. Test that everything works with the new key
4. The old key will be automatically invalidated

## Authentication Errors

If authentication fails, you'll receive a `401 Unauthorized` response:

```json theme={null}
{
  "error": "UNAUTHORIZED",
  "message": "Invalid or missing API key"
}
```

<Card title="Need Help?" icon="life-ring">
  If you're having trouble with authentication contact our support team.
</Card>

{" "}