> ## Documentation Index
> Fetch the complete documentation index at: https://docs.triqai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate with the Triqai API

All Triqai API requests require authentication using an API key. This guide covers how to obtain, use, and manage your API keys securely.

## API Key Overview

Triqai uses API keys to authenticate requests. Each key is associated with an organization and determines:

* **Access permissions**: Which endpoints you can access
* **Rate limits**: How many requests you can make per minute
* **Credit usage**: Which organization's credits are consumed

## Key Formats

Triqai API key format is as follows: `triq_xxxxx...`

## Getting Your API Key

<Steps>
  <Step title="Sign in to your account">
    Go to [triqai.com/login](https://www.triqai.com/login) and sign in.
  </Step>

  <Step title="Navigate to API Keys">
    In your dashboard, find the API Keys section.
  </Step>

  <Step title="Copy your key">
    Copy your API key. You can generate additional keys if needed.
  </Step>
</Steps>

## Using Your API Key

Include your API key in the `X-API-Key` header with every request:

<CodeGroup>
  ```typescript Node.js theme={null}
  import Triqai from "triqai";

  const triqai = new Triqai("triq_your_api_key_here");

  const result = await triqai.transactions.enrich({
    title: "STARBUCKS NYC",
    country: "US",
    type: "expense",
  });
  ```

  ```bash cURL theme={null}
  curl -X POST https://api.triqai.com/v1/transactions/enrich \
    -H "Content-Type: application/json" \
    -H "X-API-Key: triq_your_api_key_here" \
    -d '{"title": "STARBUCKS NYC", "country": "US", "type": "expense"}'
  ```

  ```python Python theme={null}
  import requests

  response = requests.post(
      'https://api.triqai.com/v1/transactions/enrich',
      headers={
          'Content-Type': 'application/json',
          'X-API-Key': 'triq_your_api_key_here'
      },
      json={
          'title': 'STARBUCKS NYC',
          'country': 'US',
          'type': 'expense'
      }
  )
  ```
</CodeGroup>

## Authentication Errors

If authentication fails, you'll receive a `401 Unauthorized` response:

```json theme={null}
{
  "success": false,
  "error": {
    "code": "authentication_error",
    "message": "Invalid or missing API key"
  },
  "meta": {
    "generatedAt": "2026-01-19T10:30:00Z",
    "requestId": "3c90c3cc-0d44-4b50-8888-8dd25736052a123",
    "version": "1.3.13"
  }
}
```

### Common Authentication Issues

| Error           | Cause                              | Solution                              |
| --------------- | ---------------------------------- | ------------------------------------- |
| Missing API key | No `X-API-Key` header provided     | Add the header to your request        |
| Invalid API key | Key doesn't exist or is malformed  | Check for typos; regenerate if needed |
| Revoked API key | Key has been revoked               | Generate a new key in the dashboard   |
| Invalid format  | Key doesn't match expected pattern | Ensure key starts with `triq_`        |

## Security Best Practices

<Warning>
  Never expose your API key in client-side code, public repositories, or logs.
</Warning>

### Do's

* Store API keys in environment variables
* Use server-side code to make API requests
* Rotate keys periodically
* Use separate keys for development and production
* Monitor API usage in your dashboard

### Don'ts

* Commit API keys to version control
* Include keys in client-side JavaScript
* Share keys via insecure channels
* Use production keys for testing

### Environment Variables

Store your API key in environment variables:

```bash .env theme={null}
TRIQAI_API_KEY=triq_your_api_key_here
```

Then access it in your code:

<CodeGroup>
  ```typescript Node.js theme={null}
  import Triqai from "triqai";

  const triqai = new Triqai(process.env.TRIQAI_API_KEY!);
  ```

  ```python Python theme={null}
  import os
  api_key = os.environ.get('TRIQAI_API_KEY')
  ```

  ```go Go theme={null}
  apiKey := os.Getenv("TRIQAI_API_KEY")
  ```
</CodeGroup>

## Managing API Keys

### Rotating Keys

If you suspect a key has been compromised:

1. Generate a new key in your dashboard
2. Update your application to use the new key
3. Revoke the old key once the new one is active

### Multiple Keys

You can create multiple API keys for different purposes:

* **Production key**: For your live application
* **Development key**: For local development
* **CI/CD key**: For automated testing pipelines
* **Partner keys**: For third-party integrations

## Organization Context

API keys are scoped to organizations:

* Each key belongs to exactly one organization
* All requests authenticated with a key are attributed to that organization
* Credits are deducted from the organization's balance
* Rate limits are applied per organization

## Next Steps

<CardGroup cols={2}>
  <Card title="Rate Limits" icon="gauge" href="/platform/rate-limits">
    Understand request limits per plan
  </Card>

  <Card title="Credits" icon="coins" href="/platform/credits">
    Learn how credit consumption works
  </Card>
</CardGroup>