> ## Documentation Index
> Fetch the complete documentation index at: https://docs.criffy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How Bearer API keys work in the Criffy public API.

# Authentication

Criffy public data integrations use a Bearer API key. Dashboard account actions use a signed-in session and are not part of the Bearer-auth data API.

## 1. Bearer API keys for public data

All public data endpoints under `/api/v1/*` require a Bearer API key and an active `Pro+` subscription.

```bash theme={null}
curl https://criffy.com/api/v1/exchanges \
  -H "Authorization: Bearer criffy_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```

If the key is missing, invalid, revoked, or belongs to a non-Pro+ account, the API returns one of these shared errors:

* `invalid_api_key`
* `subscription_required`

## 2. Managing your key

Generate, rotate, or revoke your API key from the Criffy dashboard:

1. Buy or upgrade to a [Pro+ plan](https://criffy.com/pricing).
2. Sign in to your account.
3. Open [Settings -> API](https://criffy.com/settings/api).
4. Manage the key and usage there.

Dashboard account flows are separate from the Bearer-auth public data API. External integrations should use the generated API key only as a Bearer token for public data endpoints.

## Practical guidance

* Use Bearer API keys for backend-to-backend access to public data.
* Do not expose API keys in browser or mobile client code.
* Store the plaintext key securely when it is created or regenerated. It is only shown once.
* Rotate the key from [Settings -> API](https://criffy.com/settings/api) if it is exposed.
* Check current monthly usage from [Settings -> API](https://criffy.com/settings/api).
* Use the dashboard for key management, and use Bearer authentication for external integrations.
