> For the complete documentation index, see [llms.txt](https://docs.linora.finance/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.linora.finance/cards-and-usage/api/authentication.md).

# Authentication

> **Authentication** The **Linora** API uses **API key–based authentication** to authorize requests.

Each request must include a valid API key issued through the **Linora** dashboard.

<table data-view="cards"><thead><tr><th></th><th data-hidden data-card-cover data-type="image">Cover image</th></tr></thead><tbody><tr><td><p><mark style="color:blue;"><strong>API keys</strong></mark></p><p>API keys are used to identify and authorize access to the <strong>Linora</strong> API.</p><ul><li>API keys are <strong>created and managed in the dashboard</strong></li><li>Each key is tied to a specific account</li><li>Multiple API keys can be created for different environments (e.g. production, testing)</li></ul></td><td><a href="/files/8TLIl3AwuSfRJhmJFqCI">/files/8TLIl3AwuSfRJhmJFqCI</a></td></tr><tr><td><p><mark style="color:blue;"><strong>Key rotation and revocation</strong></mark></p><ul><li>API keys can be <strong>revoked at any time</strong> via the dashboard</li><li>Revoked keys immediately lose access</li><li>It is recommended to <strong>rotate keys periodically</strong> for security reasons</li></ul></td><td><a href="/files/40cp3RisMnw72Y5dl29C">/files/40cp3RisMnw72Y5dl29C</a></td></tr><tr><td><p><mark style="color:blue;"><strong>Security recommendations</strong></mark></p><ul><li>Do not expose API keys in client-side code</li><li>Store keys securely using environment variables or secret managers</li><li>Use separate keys for different applications or services</li></ul></td><td><a href="/files/T5rszBxoY2DfaEAplM86">/files/T5rszBxoY2DfaEAplM86</a></td></tr></tbody></table>

#### Authorization header <a href="#authorization-header" id="authorization-header"></a>

All authenticated requests must include the API key in the `Authorization` header.

**Header format**

```
Authorization: Bearer YOUR_API_KEY
```

Requests without this header or with an invalid key will be rejected.\\

## Example request

```
curl -X GET "https://linora.finance/api/dashboard/users"
-H "Authorization: Bearer YOUR_API_KEY"
```

## Authentication errors

If authentication fails, the API returns an error response.

**HTTP 401 — Unauthorized**

```
{
"success": false,
"error": "Invalid or missing API key"
}
```

Common causes:

* missing `Authorization` header,
* invalid or revoked API key,
* malformed header format.

> **Note** Linora does not support alternative authentication methods (OAuth, sessions) at this time.

***

> **Next step** Continue to the **Users** section to learn how to manage users, wallets, and deposits via the API.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.linora.finance/cards-and-usage/api/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.