> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anannas.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> API authentication and security

## Overview

Anannas uses Bearer token authentication via the `Authorization` header. All API requests require a valid API key.

## API Keys

API keys are generated in the [Anannas dashboard](https://anannas.ai/dashboard). Each key is associated with:

* User account and organization
* Credit limits and billing
* Rate limits based on tier
* Usage tracking and analytics

## Authentication Header

Include your API key in the `Authorization` header:

```bash theme={null}
Authorization: Bearer <ANANNAS_API_KEY>
```

### Example

```python theme={null}
import requests

response = requests.post(
  "https://api.anannas.ai/v1/chat/completions",
  headers={
    "Authorization": "Bearer sk-...",
    "Content-Type": "application/json",
  },
  json={
    "model": "openai/gpt-5-mini",
    "messages": [{"role": "user", "content": "Hello"}]
  }
)
```

## Security Best Practices

### Store Keys Securely

**Never commit API keys to version control.** Use environment variables:

```python theme={null}
import os
api_key = os.getenv("ANANNAS_API_KEY")
```

```typescript theme={null}
const apiKey = process.env.ANANNAS_API_KEY;
```

```bash theme={null}
export ANANNAS_API_KEY="sk-..."
curl -H "Authorization: Bearer $ANANNAS_API_KEY" ...
```

### Key Rotation

If a key is compromised:

1. Immediately revoke the key in the dashboard
2. Generate a new key
3. Update your application configuration
4. Monitor for unauthorized usage

### Key Scope

API keys have full access to:

* All models available to your account
* Credit balance and billing
* Usage analytics
* Rate limit quotas

Restrict key access at the application level if needed.

## Error Responses

### 401 Unauthorized

Invalid or missing API key:

```json theme={null}
{
  "error": {
    "message": "Authentication required",
    "type": "authentication_error"
  }
}
```

Common causes:

* Missing `Authorization` header
* Invalid key format
* Revoked or expired key
* Key not associated with active account

### 402 Payment Required

Insufficient credits:

```json theme={null}
{
  "error": {
    "message": "Insufficient credits",
    "type": "insufficient_quota_error"
  }
}
```

## Multiple Keys

You can create multiple API keys for:

* Different environments (development, staging, production)
* Different applications or services
* Team members with separate usage tracking

Each key maintains independent usage statistics.

## Key Management

Manage keys in the dashboard:

* Create new keys
* Revoke existing keys
* View key usage and statistics
* Set key-specific rate limits (if supported)

## Testing Authentication

Verify your API key:

```bash theme={null}
curl https://api.anannas.ai/v1/models \
  -H "Authorization: Bearer $ANANNAS_API_KEY"
```

A successful response confirms authentication is working.
