> ## Documentation Index
> Fetch the complete documentation index at: https://docs.in10nt.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate your API requests

## API Key Authentication

All endpoints (except `/health`) require authentication via API key.

### Using the SDK (Zero-config)

Set your API key as an environment variable and use the static `Instance` methods:

```bash theme={null}
export IN10NT_API_KEY=your_api_key
```

```typescript theme={null}
import { Instance } from '@in10nt/sdk';

// Reads IN10NT_API_KEY automatically
const instance = await Instance.create({
  name: 'my-agent',
  description: 'Agent'
});
```

### Using the Client

Pass your API key explicitly when creating a client:

```typescript theme={null}
import { In10ntClient } from '@in10nt/sdk';

const client = new In10ntClient({
  apiKey: 'your_api_key'
});
```

### Environment Variables

You can also set your API key as an environment variable:

```bash theme={null}
export IN10NT_API_KEY=your_api_key
```

Then initialize the client without explicitly passing the key:

```typescript theme={null}
const client = new In10ntClient();
// or
const instance = await Instance.create({ name: 'x', description: 'y' });
```

## Direct API Requests

If you're making direct API requests without the SDK, include your API key in the Authorization header:

### Bearer Token (Recommended)

```bash theme={null}
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://in10t-api-v2.fly.dev/instances
```

### X-API-Key Header (Alternative)

```bash theme={null}
curl -H "X-API-Key: YOUR_API_KEY" \
  https://in10t-api-v2.fly.dev/instances
```

## Base URL

The default API base URL is:

```
https://in10t-api-v2.fly.dev
```

You can override this when initializing the client:

```typescript theme={null}
const client = new In10ntClient({
  apiKey: 'your_api_key',
  baseURL: 'https://custom-api-url.com'
});

// Or with static methods
const instance = await Instance.create(
  { name: 'x', description: 'y' },
  { baseURL: 'https://custom-api-url.com' }
);
```

## Security Best Practices

<Warning>
  Never commit API keys to version control. Always use environment variables or secure secret management.
</Warning>

* Store API keys in environment variables
* Use different keys for development and production
* Rotate keys regularly
* Never expose keys in client-side code
* Use secret management services (AWS Secrets Manager, HashiCorp Vault, etc.)
