> ## Documentation Index
> Fetch the complete documentation index at: https://docs.harmstack.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate your API requests using your Harmstack API key.

All API endpoints except `GET /v0/health` require authentication. Harmstack uses API key authentication via the standard HTTP `Authorization` header.

## Get your API key

Contact Vetted Medical or your account team to obtain an API key. Store it securely — you will not be able to retrieve the key value after it is issued.

## Authenticate a request

Include your API key as a bearer token in the `Authorization` header of every request:

```http theme={null}
Authorization: Bearer YOUR_API_KEY
```

## Examples

<CodeGroup>
  ```bash curl theme={null}
  curl https://api.harmstack.com/v0/me \
    -H "Authorization: Bearer YOUR_API_KEY"
  ```

  ```python Python theme={null}
  import requests

  resp = requests.get(
      "https://api.harmstack.com/v0/me",
      headers={"Authorization": "Bearer YOUR_API_KEY"},
  )
  print(resp.json())
  ```

  ```go Go theme={null}
  req, _ := http.NewRequest("GET", "https://api.harmstack.com/v0/me", nil)
  req.Header.Set("Authorization", "Bearer YOUR_API_KEY")
  client := &http.Client{}
  resp, _ := client.Do(req)
  ```
</CodeGroup>

## Error responses

If authentication fails, the API returns `401 Unauthorized`:

```json theme={null}
{"error": "unauthorized"}
```

Common causes:

* The `Authorization` header is missing entirely
* The header value does not start with `Bearer `
* The API key is invalid or has been revoked

## Using the CLI

The `harmstack` CLI reads your API key from the `HARMSTACK_API_KEY` environment variable. You can also pass it explicitly with the `--harmstack-api-key` flag on any command.

## Security

<Tip>
  Store your API key in an environment variable (`HARMSTACK_API_KEY`) and read it at runtime. Never hardcode your API key directly in source code or commit it to version control.
</Tip>
