> ## Documentation Index
> Fetch the complete documentation index at: https://www.alttextlab.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate API requests using the x-api-key header.

All API requests must include your API key in the `x-api-key` header. All requests must use HTTPS. See [API key](/api/api-key) for instructions on creating and managing your keys.

## Header

```
x-api-key: YOUR_API_KEY
```

## Examples

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://app.alttextlab.com/api/v1/alt-text/generate \
    -H "Content-Type: application/json" \
    -H "x-api-key: YOUR_API_KEY" \
    -d '{"imageUrl": "https://example.com/image.jpg"}'
  ```

  ```javascript Node.js theme={null}
  const response = await fetch('https://app.alttextlab.com/api/v1/alt-text/generate', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'x-api-key': 'YOUR_API_KEY'
    },
    body: JSON.stringify({
      imageUrl: 'https://example.com/image.jpg'
    })
  });

  const data = await response.json();
  ```
</CodeGroup>

Replace `YOUR_API_KEY` with your actual API key from [dashboard settings](https://app.alttextlab.com/settings/api-keys).

## Authentication errors

| Status             | Meaning                               |
| ------------------ | ------------------------------------- |
| `401 Unauthorized` | API key is missing or does not exist. |

## Security

* Store your API key in an environment variable — never hardcode it in source files
* Never expose it in client-side or frontend code
* Do not commit it to source control
* If a key is compromised, delete it immediately and generate a new one
