> ## Documentation Index
> Fetch the complete documentation index at: https://docs.apisale.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> API keys for Model APIs and bearer tokens for Console APIs.

## Model APIs — API key

Every request to `/v1/*` must include:

```http theme={null}
Authorization: Key as_live_xxxxxxxx
```

Create keys in [Console → API Keys](https://apisale.ai/console/api-keys). Use `live` keys in production and `test` keys for development.

### Scopes

Keys are issued with scopes such as `runs:write` and `runs:read`. Endpoints enforce required scopes.

## Console APIs — bearer token

Console endpoints (`/console/v1/*`) use the JWT from login:

```http theme={null}
Authorization: Bearer eyJhbG...
```

Obtain tokens via `POST /console/v1/auth/login` or OAuth. Use Console APIs for dashboard-style management, not for high-volume inference.

## Security

* Never expose API keys in client-side code
* Rotate keys periodically
* Revoke compromised keys immediately in the Console
