> ## Documentation Index
> Fetch the complete documentation index at: https://docs.otterly.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate requests to the OtterlyAI Public API

The OtterlyAI Public API uses **Bearer token** authentication. Every request
(except `/v1/health`, `/v1/openapi.json`, and `/v1/docs`) must include an
`Authorization` header.

## Header Format

```
Authorization: Bearer oai_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

## Generating an API Key

1. Sign in to the [OtterlyAI dashboard](https://app.otterly.ai).
2. Open **Settings → API Keys**.
3. Click **Create API key**, choose the workspaces and permissions, then copy
   the generated key. You will only see it once.

## Permissions

API keys are scoped to:

* **Workspaces** — only data inside the granted workspaces is returned.
* **Permissions** — typically `read` for data retrieval endpoints.

A request with an insufficient permission set receives a `403 Forbidden`
response.

## Errors

| Status | Meaning                                               |
| ------ | ----------------------------------------------------- |
| `401`  | Missing or invalid `Authorization` header             |
| `403`  | Key lacks the required permission or workspace access |
| `429`  | Rate limit exceeded                                   |
