> ## Documentation Index
> Fetch the complete documentation index at: https://docs.paygentic.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

API keys authenticate requests to Paygentic. Each key belongs to a specific user and inherits that user's permissions.

## Key format

Keys are environment-specific:

| Environment | Prefix     | Base URL                 | Usage                   |
| ----------- | ---------- | ------------------------ | ----------------------- |
| Sandbox     | `sk_test_` | api.sandbox.paygentic.io | Development and testing |
| Live        | `sk_live_` | api.paygentic.io         | Production              |

Sandbox keys only work with sandbox endpoints. Live keys only work with production endpoints.

## Creating keys

1. Login to Paygentic Dashboard
2. Navigate to Settings → API Keys
3. Click Create New Key
4. Name the key descriptively
5. Copy immediately - it won't be shown again

Store keys securely. Use environment variables or secret managers, never commit to version control.

## Managing keys

**Viewing Keys**

* See all active keys
* Check creation and last-used dates
* Identify by descriptive names
* View partial values (last 4 characters)

**Revoking Keys**
Navigate to Settings → API Keys, find the key, click Revoke. Revocation is immediate - applications using that key will fail authentication.

## Usage

Include keys in the Authorization header using Bearer authentication scheme.

## Security practices

**Mandatory**

* Never commit keys to git
* Use environment variables
* Rotate keys regularly
* Revoke compromised keys immediately
* Use sandbox keys for development only

**Recommended**

* Separate keys per application
* Monitor usage to find inactive keys
* Document which applications use which keys
* Use descriptive key names

## Troubleshooting

**Authentication Failures**

* Verify correct key format
* Check key hasn't been revoked
* Confirm environment match (test vs live)
* Use correct base URL for environment

**Permission Errors**

* Verify user permissions for the key
* Check organization context
* Contact admin for permission changes
