> ## Documentation Index
> Fetch the complete documentation index at: https://docs.atomscale.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Secure your API requests with API keys

All API requests require authentication. The Atomscale API uses API key authentication via the `X-API-KEY` header.

## Obtaining an API Key

1. Log in to the [Atomscale Dashboard](https://app.atomscale.ai)
2. Navigate to **User** > **Manage Account** > **Access**
3. Click **Generate API Key**
4. Copy and securely store the key

<Warning>
  Treat your API keys like passwords. Never commit them to version control or share them publicly.
</Warning>

## Using Your API Key

Include your API key in the `X-API-KEY` header of every request:

```bash theme={null}
X-API-KEY: YOUR_API_KEY
```

## Code Examples

<CodeGroup>
  ```python SDK theme={null}
  from atomscale import Client

  # The SDK handles authentication automatically
  client = Client(api_key="YOUR_API_KEY")
  ```

  ```python Python theme={null}
  import requests

  headers = {
      "X-API-KEY": "YOUR_API_KEY"
  }

  response = requests.get(
      "https://api.atomscale.ai/data_entries/",
      headers=headers
  )
  ```

  ```bash cURL theme={null}
  curl https://api.atomscale.ai/data_entries/ \
    -H "X-API-KEY: YOUR_API_KEY"
  ```
</CodeGroup>

## Environment Variables

For security, store your API key in an environment variable rather than hardcoding it:

<CodeGroup>
  ```python Python theme={null}
  import os

  api_key = os.environ.get("ATOMSCALE_API_KEY")
  ```

  ```bash Shell theme={null}
  export ATOMSCALE_API_KEY="your_api_key_here"
  ```
</CodeGroup>

## Key Permissions

API keys can be scoped to specific permissions:

| Permission | Description                                           |
| ---------- | ----------------------------------------------------- |
| `read`     | Read access to data and analysis results              |
| `write`    | Create and modify data entries, projects, and samples |
| `delete`   | Delete data entries and resources                     |
| `admin`    | Full access including team management                 |

## Revoking Keys

If a key is compromised or no longer needed:

1. Go to **Settings** > **API Keys** in the dashboard
2. Find the key and click **Revoke**
3. The key is immediately invalidated

<Note>
  Revoking a key cannot be undone. Any applications using that key will stop working immediately.
</Note>