> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firstanswer.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate your requests to the First Answer API using API keys.

## API Key Authentication

The First Answer API uses **API keys** to authenticate requests. Every request to the `/v1/` endpoints must include a valid API key in the request headers.

```bash theme={null}
curl -H "api-key: YOUR_API_KEY" \
  https://api.firstanswer.ai/v1/brands/
```

<Warning>
  API keys grant access to your account data. Keep them secure and never expose them in client-side code, public repositories, or browser requests.
</Warning>

## Obtaining an API Key

<Steps>
  <Step title="Navigate to API settings">
    Log in to the First Answer platform and go to **Settings → API Keys**.
  </Step>

  <Step title="Create a new key">
    Click **Create API Key** and give it a descriptive name (e.g. "Production Dashboard", "Internal Analytics").
  </Step>

  <Step title="Copy your key">
    Your API key will be displayed **only once**. Copy it and store it securely. If you lose it, you'll need to generate a new one.
  </Step>
</Steps>

## Using Your API Key

Include the API key in the `api-key` header of every request:

<CodeGroup>
  ```bash cURL theme={null}
  curl -H "api-key: YOUR_API_KEY" \
    https://api.firstanswer.ai/v1/brands/
  ```

  ```python Python theme={null}
  import requests

  headers = {"api-key": "YOUR_API_KEY"}
  response = requests.get(
      "https://api.firstanswer.ai/v1/brands/",
      headers=headers,
  )

  print(response.json())
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch("https://api.firstanswer.ai/v1/brands/", {
    headers: {
      "api-key": "YOUR_API_KEY",
    },
  });

  const data = await response.json();
  console.log(data);
  ```
</CodeGroup>

## Key Expiration

API keys are valid for **6 months** from the date of creation. After expiration, requests made with the key will return a `401` error:

```json theme={null}
{
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "API key has expired."
  }
}
```

Generate a new key before the current one expires to avoid service interruptions.

## Error Responses

### Missing API Key

If no `api-key` header is provided, the API will return:

```json 401 theme={null}
{
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "Authentication credentials were not provided."
  }
}
```

### Invalid API Key

If the key is incorrect or has been revoked:

```json 401 theme={null}
{
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "Invalid or inactive API key."
  }
}
```

### Expired API Key

If the key has passed its expiration date:

```json 401 theme={null}
{
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "API key has expired."
  }
}
```

## Best Practices

<AccordionGroup>
  <Accordion title="Use environment variables">
    Never hardcode API keys in your source code. Store them as environment variables:

    ```bash theme={null}
    export FIRSTANSWER_API_KEY="your-key-here"
    ```

    ```python theme={null}
    import os
    api_key = os.environ["FIRSTANSWER_API_KEY"]
    ```
  </Accordion>

  <Accordion title="Rotate keys periodically">
    Don't wait for keys to expire. Create a new key, update your integrations, then revoke the old one.
  </Accordion>

  <Accordion title="Use descriptive names">
    Name your keys after their purpose (e.g. "Looker Dashboard", "Internal Slack Bot") so you can easily manage and revoke them.
  </Accordion>

  <Accordion title="Revoke unused keys">
    If a key is no longer needed, revoke it immediately in your API settings. This prevents unauthorized access.
  </Accordion>

  <Accordion title="Never expose keys client-side">
    API keys should only be used in server-side code. Never include them in frontend JavaScript, mobile apps, or any publicly accessible code.
  </Accordion>
</AccordionGroup>
