> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hellocobi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Secure your Cobi API requests with Bearer token authentication

## API Keys

All Cobi API requests are authenticated with an API key passed as a Bearer token.

To get an API key:

1. Contact [support@hellocobi.com](mailto:support@hellocobi.com) with your organisation details and intended use case
2. You'll receive a unique key scoped to your organisation

## Making Authenticated Requests

Include your API key in the `Authorization` header on every request:

```bash theme={null}
curl -X POST https://api.hellocobi.com/v1/data/customers \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"records": [...]}'
```

## Security Best Practices

Store your API key in environment variables and never hard-code it in source files or commit it to version control. If you suspect a key has been compromised, contact [support@hellocobi.com](mailto:support@hellocobi.com) to get it rotated immediately. All API traffic must use HTTPS.

## Error Responses

| Status             | Meaning                                        | Resolution                                             |
| ------------------ | ---------------------------------------------- | ------------------------------------------------------ |
| `401 Unauthorized` | Key is missing or invalid                      | Check your `Authorization` header format and key value |
| `403 Forbidden`    | Key does not have permission for this resource | Contact support to verify your key's scope             |

```json theme={null}
{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}
```
