> ## Documentation Index
> Fetch the complete documentation index at: https://docs.recotap.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to generate and use your Recotap API key to authenticate requests

Every request to the Recotap External API must be authenticated using an API key. The key is passed as a custom HTTP header on every request. Requests without a valid key are rejected with `401 Unauthorized`.

## Required header

Include your API key in the `X-Api-Key` header on every request:

```
X-Api-Key: your-api-key-here
```

For example, using cURL:

```bash theme={null}
curl -X GET "https://eapi.recotap.com/api/v1/accounts" \
  -H "X-Api-Key: your-api-key-here" \
  -H "Content-Type: application/json"
```

<Warning>
  The API key is tied to your **individual user account**, not the team or workspace. Store it in a secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.) and never expose it in client-side code, browser requests, or version control.
</Warning>

## Generating your API key

API keys are managed from the **Tech Settings** section of your Recotap workspace. Each user account holds one active key at a time. Generating a new key immediately replaces the previous one.

You can [navigate directly to the API Access Key page](https://abm.recotap.com/settings/tech-settings/api-access-key) or follow the steps below.

<Steps>
  <Step title="Open Settings">
    Click the **gear icon** in the top-right corner of the Recotap navigation bar.
  </Step>

  <Step title="Go to Workspace">
    In the dropdown, click **Workspace** (Set up and customize).
  </Step>

  <Step title="Navigate to Tech Settings → API Access Key">
    In the left sidebar, click **Tech Settings**, then select **API Access Key**.
  </Step>

  <Step title="Generate the key">
    Click **+ Generate API Key**.
  </Step>

  <Step title="Copy and store it securely">
    Your new API key is displayed under **Your New API Key**. Click **Copy** to copy the full key, then store it in your secrets manager before closing the page.
  </Step>
</Steps>

<Danger>
  The full key is shown **only once** immediately after generation. Once you navigate away, the page reverts to the generation screen and no part of the key is displayed again. If you lose the key, you must generate a new one, which immediately invalidates the previous key.
</Danger>

## Key behaviour

<Info>
  Keys are **user-scoped**. Every Recotap user generates and manages their own independent key. No other user — including workspace admins — can view or manage your key. Regenerating your key does not affect any other user's key.
</Info>

| Property | Detail                                                             |
| -------- | ------------------------------------------------------------------ |
| Scope    | Per user. One active key per Recotap account.                      |
| Expiry   | No expiry. Valid indefinitely until regenerated.                   |
| Rotation | Generate again to replace. The old key is invalidated immediately. |

## Error responses

If a request is rejected due to an authentication issue, Recotap returns `401 Unauthorized` with a JSON body describing the problem.

| Condition                  | Status | Message                        |
| -------------------------- | ------ | ------------------------------ |
| `X-Api-Key` header missing | `401`  | `X-Api-Key header is required` |
| Key not found or invalid   | `401`  | `Invalid API key`              |
