> ## Documentation Index
> Fetch the complete documentation index at: https://direct-api.reap.global/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate requests with your API key

The Direct API authenticates every request with an API key passed in the
`x-api-key` header.

```bash theme={null}
curl https://api.direct.reap.global/v1/health \
  -H "x-api-key: YOUR_API_KEY"
```

## API keys

* Keys are issued per business. Contact your Reap account manager to obtain one.
* Keys carry scopes that limit which endpoints they can call.
* Requests without a valid key receive `401 Unauthorized`; requests with a valid
  key but insufficient scope receive `403 Forbidden`.

<Warning>
  Treat API keys like passwords. Store them in a secrets manager, never commit
  them to source control, and rotate them immediately if exposed.
</Warning>
