# Authentication

> How to authenticate with the Kontext API.

The Kontext API uses **API keys** for authentication. Each key is scoped to an organization and grants access to all products within it.

## Generating an API key

1. Go to **Organization Settings → API Keys**
2. Click **Create API Key**
3. Give it a descriptive name (e.g., "CI Pipeline", "Data Export Script")
4. Optionally set an **expiry date** — the key will stop working after this date
5. Copy the key — it won't be shown again

<Tip>
  Set an expiry date on every key. Short-lived keys limit the blast radius if a key is leaked. You can always create a new one when the old one expires.
</Tip>

## Using your API key

Pass the key in the `Authorization` header with a `Bearer` prefix:

```bash
curl -H "Authorization: Bearer kx_your_api_key_here" \
  https://app.getkontext.io/api/v1/products
```

## Rate limiting

API requests are rate-limited per organization:

| Tier     | Limit               |
| -------- | ------------------- |
| Standard | 100 requests/minute |

Rate limit headers are included in every response:

```
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 97
X-RateLimit-Reset: 1711900000
```

When rate-limited, the API returns `429 Too Many Requests`.
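One way to honor these headers from a script, as an added example rather than Kontext's own client code. It assumes the key is exported as `KONTEXT_API_KEY` (a hypothetical variable name) and that `X-RateLimit-Reset` is a Unix timestamp in seconds; the retry count and the 120-second cap are arbitrary choices.

```bash
# Added example, not Kontext's own client code.
# Assumptions: the key is in KONTEXT_API_KEY (hypothetical variable name) and
# X-RateLimit-Reset is a Unix timestamp in seconds.

# Print one response header's value (name matched case-insensitively).
header_value() {  # usage: header_value NAME HEADER_FILE
  awk -v want="$1" -F': *' '
    tolower($1) == tolower(want) { sub(/\r$/, "", $2); print $2; exit }' "$2"
}

# Seconds to sleep after a 429: time until reset, clamped to 1..120.
# Falls back to 1 when the header is missing or not a number.
retry_delay() {  # usage: retry_delay HEADER_FILE NOW_EPOCH
  local reset delay
  reset=$(header_value X-RateLimit-Reset "$1")
  case "$reset" in ''|*[!0-9]*) echo 1; return ;; esac
  delay=$(( reset - $2 ))
  if [ "$delay" -lt 1 ]; then delay=1; fi
  if [ "$delay" -gt 120 ]; then delay=120; fi
  echo "$delay"
}

# GET a path under /api/v1, retrying on 429 up to 5 times.
kontext_get() {  # usage: kontext_get /products
  : "${KONTEXT_API_KEY:?set KONTEXT_API_KEY in the environment}"
  local hdrs body code attempt
  hdrs=$(mktemp); body=$(mktemp)
  for attempt in 1 2 3 4 5; do
    # The Authorization header is passed as curl config on stdin, so the key
    # is never a command-line argument visible in the process list.
    code=$(printf 'header = "Authorization: Bearer %s"\n' "$KONTEXT_API_KEY" |
      curl --silent --config - --dump-header "$hdrs" --output "$body" \
           --write-out '%{http_code}' "https://app.getkontext.io/api/v1$1")
    if [ "$code" != 429 ]; then break; fi
    sleep "$(retry_delay "$hdrs" "$(date +%s)")"
  done
  cat "$body"; rm -f "$hdrs" "$body"
  # Succeed only on a 2xx status so callers can test the exit code.
  [ "$code" -ge 200 ] && [ "$code" -lt 300 ]
}
```

Keeping the key in the environment, or in a CI secret that populates it, also keeps it out of the script file itself.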

## Security

* API keys are hashed at rest — Kontext cannot retrieve your key after creation
* Rotate keys regularly and revoke any that may be compromised
* Never commit API keys to source control
