> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stairoids.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate every Stairoids API request with a Bearer API key. Learn how to generate keys, assign scopes, and handle auth error responses.

Every request to the Stairoids API must be authenticated with an API key.

## Generate an API key

1. Open the Stairoids dashboard.
2. Go to **Workspace Settings → API Keys**.
3. Click **Create API key**, give it a name, and choose its scopes.
4. Copy the key immediately — it is only shown once.

## Send the key

Pass the API key in the `Authorization` header as a Bearer token:

```bash theme={null}
curl https://app.stairoids.com/api/signals \
  -H "Authorization: Bearer YOUR_API_KEY"
```

## Scopes

Keys are scoped to limit what they can do:

* `read` — list and fetch resources.
* `write` — create, update, and delete resources.
* `signals:write` — push signal events only.

Use the minimum scopes required for each integration.

## Error responses

| Status | Reason                                    |
| ------ | ----------------------------------------- |
| 401    | Missing or invalid API key                |
| 403    | Key is valid but lacks the required scope |

## Rotating keys

Rotate keys regularly and immediately if a key may have been exposed. Create the new key, deploy it to your integrations, then revoke the old key.