> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leavo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate your API requests

## Overview

The Leavo API uses Bearer Token authentication. All requests must include a valid API key in the `Authorization` header.

## Getting Your API Key

<Steps>
  <Step title="Access the Dashboard">
    Go to [Dashboard](https://app.leavo.ai)
  </Step>

  <Step title="Navigate to Settings">
    Access **Settings** > **API Keys**
  </Step>

  <Step title="Generate Key">
    Click "Create New Key" and copy the generated key
  </Step>
</Steps>

<Warning>
  Store your key securely. It will only be shown once during creation.
</Warning>

## Using the Key

Include the key in the `Authorization` header of all requests:

<CodeGroup>
  ```bash cURL theme={null}
  curl -X GET "https://api.leavo.ai/backend/leads" \
    -H "Authorization: Bearer your_api_key_here"
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.leavo.ai/backend/leads', {
    headers: {
      'Authorization': 'Bearer your_api_key_here'
    }
  });
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      'https://api.leavo.ai/backend/leads',
      headers={'Authorization': 'Bearer your_api_key_here'}
  )
  ```

  ```php PHP theme={null}
  <?php
  $apiKey = getenv('LEAVO_API_KEY');

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, 'https://api.leavo.ai/backend/leads');
  curl_setopt($ch, CURLOPT_HTTPHEADER, [
      'Authorization: Bearer ' . $apiKey
  ]);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

  $response = curl_exec($ch);
  ```
</CodeGroup>

## Environment Variables

<Tip>
  Never hardcode your keys. Use environment variables like `LEAVO_API_KEY`.
</Tip>

<CodeGroup>
  ```javascript Node.js theme={null}
  const API_KEY = process.env.LEAVO_API_KEY;
  ```

  ```python Python theme={null}
  import os
  API_KEY = os.environ.get('LEAVO_API_KEY')
  ```

  ```php PHP theme={null}
  $apiKey = getenv('LEAVO_API_KEY');
  ```
</CodeGroup>

## Security

<CardGroup cols={2}>
  <Card title="Don't expose in code" icon="eye-slash">
    Never commit keys to version control
  </Card>

  <Card title="Rotate periodically" icon="rotate">
    Change keys regularly for security
  </Card>

  <Card title="Use environment variables" icon="terminal">
    Store keys in env vars or secret managers
  </Card>

  <Card title="Revoke if compromised" icon="trash">
    Immediately revoke compromised keys
  </Card>
</CardGroup>
