API Authentication | aroyb-TECH Docs

## Authentication Overview The aroyb-TECH API uses API keys for authentication. All requests must include a valid API key in the request headers. ## Obtaining an API Key 1. Log in to your [aroyb-TECH portal](/app) 2. Navigate to **Settings → API Keys** 3. Click **Create New Key** 4. Give your key a descriptive name 5. Copy the key immediately (it won't be shown again) ## Using Your API Key Include your API key in the `Authorization` header of all requests: ```bash curl -X GET https://api.aroyb-tech.com/v1/products \ -H "Authorization: Bearer your_api_key_here" ``` ## API Key Best Practices ### Security - **Never expose keys** in client-side code - **Rotate keys** regularly (at least quarterly) - **Use different keys** for development and production - **Set expiration dates** for temporary access ### Rate Limits API requests are rate-limited based on your plan: | Plan | Requests/Hour | Requests/Day | | ---------- | ------------- | ------------ | | Starter | 1,000 | 10,000 | | Growth | 5,000 | 50,000 | | Enterprise | Unlimited | Unlimited | ### Error Handling When authentication fails, you'll receive a `401 Unauthorized` response: ```json { "error": { "code": "unauthorized", "message": "Invalid or expired API key" } } ``` ## Revoking Keys To revoke an API key: 1. Navigate to **Settings → API Keys** 2. Find the key you want to revoke 3. Click the **Delete** button 4. Confirm the action Revoked keys stop working immediately. ## Next Steps - [Make your first API call](/docs/api/first-request) - [View API endpoints](/docs/api/endpoints) - [Error handling guide](/docs/api/errors)