# Authentication

<div class="doc-callout doc-callout--info">
  <strong>Safety</strong>: Treat API keys like passwords. Don’t paste them in screenshots or share them publicly.
</div>

## API keys

Create and manage API keys in the dashboard (API access section).

## How to send the key

Send your key in the `Authorization` header:

```http
Authorization: Bearer YOUR_API_KEY
```

## Key rotation

If a key is leaked:

1. Revoke it in the dashboard
2. Create a new key
3. Update your integration