> ## Documentation Index
> Fetch the complete documentation index at: https://docs.attention.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Authentication

> Learn how to obtain and use API keys to authenticate with the Attention API

## Overview

The Attention API uses API keys for authentication. All API requests must include a valid API key in the request headers to access protected endpoints.

## How to Obtain Your API Key

<Steps>
  <Step title="Log in to Attention">
    Navigate to [https://app.attention.tech](https://app.attention.tech) and sign in with your account using **Google**, **Single sign-on (SSO)**, or your **email and password**.
  </Step>

  <Step title="Open Settings">
    Once signed in, click your profile avatar in the top-left corner and select **Settings** from the dropdown menu.
  </Step>

  <Step title="Navigate to API Keys">
    In the sidebar, under the **Organization** section, select **API Keys**.

    <Note>
      You must have **Admin** role permissions to access and manage organization-level API keys.
    </Note>
  </Step>

  <Step title="Create a New API Key">
    Click **+ Create API Key** in the top-right corner.

    You’ll be prompted to:

    * **Name your API key** – Give it a descriptive name (e.g., “Production Integration” or “Development Testing”)
  </Step>

  <Step title="Copy and Store Your API Key">
    After creation, a modal titled **API Key Created** will appear showing your key once.

    <Warning>
      **Important:** This is the only time you’ll be able to view your API key. Copy it now and store it securely.
    </Warning>

    Store your API key securely:

    * Use environment variables in your application
    * Use a secrets manager (e.g., AWS Secrets Manager, HashiCorp Vault)
    * Never commit keys to version control
  </Step>
</Steps>

## Using Your API Key

Include your API key in the `Authorization` header of all API requests:

<CodeGroup>
  ```bash Curl theme={null}
  curl https://api.attention.tech/v2/conversations \
  -H "Authorization: Bearer YOUR_API_KEY"
  ```

  ```javascript Node.js theme={null}
  const axios = require('axios');

  const apiKey = process.env.ATTENTION_API_KEY;

  const response = await axios.get('https://api.attention.tech/v2/conversations', {
      headers: {
          'Authorization': `Bearer ${apiKey}`
      }
  });
  ```

  ```python Python theme={null}
  import os
  import requests

  api_key = os.environ.get('ATTENTION_API_KEY')

  headers = {
      'Authorization': f'Bearer {api_key}'
  }

  response = requests.get('https://api.attention.tech/v2/conversations', headers=headers)
  ```

  ```go Go theme={null}
  package main

  import (
  "fmt"
  "net/http"
  "os"
  )

  func main() {
  apiKey := os.Getenv("ATTENTION_API_KEY")

  client := &http.Client{}
  req, _ := http.NewRequest("GET", "https://api.attention.tech/v2/conversations", nil)
  req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", apiKey))

  resp, err := client.Do(req)
  // Handle response...
  }
  ```
</CodeGroup>

## Managing Your API Keys

### Rotating API Keys

For security best practices, it's recommended to rotate your API keys periodically:

1. Generate a new API key following the steps above
2. Update your applications to use the new key
3. Test that all integrations work with the new key
4. Delete the old API key from the **API Keys** page

### Revoking API Keys

If an API key is compromised or no longer needed:

1. Go to **Settings** → **API Keys**
2. Find the key you want to revoke
3. Click the **⋯** menu next to the key
4. Select **Delete**

<Warning>
  Revoking an API key immediately invalidates it. Any applications using that key will no longer be able to authenticate.
</Warning>

## Troubleshooting

### 401 Unauthorized Error

If you receive a `401 Unauthorized` error:

* Verify your API key is correctly included in the `Authorization` header
* Ensure you're using `Bearer` before the API key
* Check that your API key hasn't been revoked or expired
* Confirm your account has the necessary permissions for the endpoint

### Rate Limits

API requests are subject to rate limiting. If you exceed the rate limit, you'll receive a `429 Too Many Requests` response.

<Info>
  Contact your Attention account manager to discuss rate limit increases for your organization.
</Info>

## Security Best Practices

<AccordionGroup>
  <Accordion title="Use Environment Variables">
    Never hardcode API keys in your source code. Always use environment variables or secure secret management systems.

    ```bash theme={null}
    # .env file (never commit this)
    ATTENTION_API_KEY=your_api_key_here
    ```
  </Accordion>

  <Accordion title="Use Different Keys for Different Environments">
    Create separate API keys for development, staging, and production environments to isolate access and make key rotation easier.
  </Accordion>

  <Accordion title="Monitor API Key Usage">
    Regularly audit which API keys are being used and delete any that are no longer needed.
  </Accordion>
</AccordionGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="API Reference" icon="code" href="/api-reference">
    Explore all available API endpoints and their usage
  </Card>

  <Card title="Workspace Setup" icon="users" href="/workspace-setup/teams-roles-seats">
    Learn how to manage user roles and permissions
  </Card>
</CardGroup>

<Info>
  Need help with API authentication? Contact [support@attention.com](mailto:support@attention.com) or reach out to your Attention account manager.
</Info>
