> ## Documentation Index
> Fetch the complete documentation index at: https://docs.partnero.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API authentication

> Authenticate Partnero API requests using Bearer tokens. Learn how to get your API key and secure your integration.

The Partnero API uses Bearer token authentication. Every API request must include your API key in the `Authorization` header.

## Getting your API key

<Steps>
  <Step title="Log in to Partnero">
    Access your [Partnero dashboard](https://app.partnero.com).
  </Step>

  <Step title="Navigate to API settings">
    Select your program, then go to **Integration → API**.
  </Step>

  <Step title="Generate a new key">
    Click **Create API key**, give it a descriptive name, and copy the generated key.
  </Step>
</Steps>

<Warning>
  Store your API key securely. Never expose it in client-side code, public repositories, or share it publicly.
</Warning>

## Using your API key

Include the API key in the `Authorization` header of every request:

```bash theme={null}
Authorization: Bearer YOUR_API_KEY
```

### Example request

```bash theme={null}
curl --location 'https://api.partnero.com/v1/partners' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer YOUR_API_KEY'
```

## Authentication errors

| Status Code | Error        | Solution                                                                |
| ----------- | ------------ | ----------------------------------------------------------------------- |
| 401         | Unauthorized | Check that your API key is correct and not expired                      |
| 403         | Forbidden    | Verify your account has API access and the key has required permissions |

## Best practices

<AccordionGroup>
  <Accordion title="Use environment variables">
    Store API keys in environment variables, not in your codebase:

    ```bash theme={null}
    export PARTNERO_API_KEY="your_api_key_here"
    ```
  </Accordion>

  <Accordion title="Rotate keys regularly">
    Periodically generate new API keys and revoke old ones to maintain security.
  </Accordion>

  <Accordion title="Use separate keys for environments">
    Create different API keys for development, staging, and production environments.
  </Accordion>

  <Accordion title="Server-side requests only">
    Make API calls from your server, never from client-side JavaScript. Use the [JavaScript SDK](/guides/tracking/javascript-tracking) for client-side tracking.
  </Accordion>
</AccordionGroup>

## Program-specific requests

Each API key is scoped to a specific program. When making requests, the API automatically uses the program associated with your key.

<Tip>
  If you manage multiple programs, create separate API keys for each program.
</Tip>