> ## Documentation Index
> Fetch the complete documentation index at: https://docs.reachedapp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate your API requests using Bearer tokens.

# Authentication

All API requests require a valid API key passed in the `Authorization` header as a Bearer token.

## Generating an API Key

<Steps>
  <Step title="Navigate to Settings">
    In the Reached dashboard, go to **Settings > API**.
  </Step>

  <Step title="Create a key">
    Click **Create Key**, give it a descriptive name (e.g., "Clay Integration" or "Zapier"), and confirm.
  </Step>

  <Step title="Copy the key">
    Your API key will be displayed once. Copy it and store it securely. It starts with `rchd_live_`.
  </Step>
</Steps>

## Header Format

Include your API key in every request using the `Authorization` header:

```
Authorization: Bearer rchd_live_a1b2c3d4e5f6789012345678901234567890abcd
```

## Example Request

<CodeGroup>
  ```bash cURL theme={null}
  curl -X GET \
    "https://kdjmltmhxvvmiuehafgl.supabase.co/functions/v1/api-gateway/v1/leads" \
    -H "Authorization: Bearer rchd_live_a1b2c3d4e5f6789012345678901234567890abcd"
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch(
    "https://kdjmltmhxvvmiuehafgl.supabase.co/functions/v1/api-gateway/v1/leads",
    {
      headers: {
        "Authorization": "Bearer rchd_live_a1b2c3d4e5f6789012345678901234567890abcd"
      }
    }
  );
  const data = await response.json();
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      "https://kdjmltmhxvvmiuehafgl.supabase.co/functions/v1/api-gateway/v1/leads",
      headers={
          "Authorization": "Bearer rchd_live_a1b2c3d4e5f6789012345678901234567890abcd"
      }
  )
  data = response.json()
  ```
</CodeGroup>

## Authentication Errors

If your API key is missing, invalid, or revoked, the API returns a `401 Unauthorized` response:

```json theme={null}
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key"
  }
}
```

<Warning>
  **Keep your API keys secret.** Do not share API keys in public repositories, client-side code, or insecure channels. If a key is compromised, revoke it immediately in **Settings > API**.
</Warning>

## Key Management

| Action     | How                                                      |
| ---------- | -------------------------------------------------------- |
| **Create** | Settings > API > Create Key                              |
| **Revoke** | Settings > API > click the revoke button next to the key |
| **Rotate** | Revoke the old key and create a new one                  |

<Info>
  API keys are scoped to your company workspace. All data accessed through a key belongs to the workspace that created it.
</Info>
