> ## Documentation Index
> Fetch the complete documentation index at: https://mintlify.com/abdofallah/IqraAI/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate your API requests using API keys

## Overview

The Iqra AI API uses API key authentication to secure all endpoints. You must include your API key in the `Authorization` header of every request.

## Authentication method

All API requests must include an API key in the `Authorization` header using the `Token` scheme:

```bash theme={null}
Authorization: Token YOUR_API_KEY
```

## Creating an API key

You can create API keys through the Iqra AI dashboard:

1. Navigate to the API Keys section in your account settings
2. Click "Create New API Key"
3. Configure the following settings:

<ParamField body="FriendlyName" type="string" required>
  A descriptive name for the API key to help you identify its purpose
</ParamField>

<ParamField body="RestrictedBusinessIds" type="array">
  Optional list of business IDs to restrict this API key's access. If not specified, the key can access all your businesses.
</ParamField>

<ParamField body="AllowUserManagementApiRequests" type="boolean" required>
  Whether this API key can be used for user management endpoints
</ParamField>

## Authentication validation

When you make an API request, the system validates:

* **API key validity**: The key must exist and be active
* **Business restrictions**: If the key has business restrictions, it can only access those specific businesses
* **User permissions**: The user associated with the API key must not be disabled
* **Business permissions**: The target business must not be disabled and you must have appropriate access

## Example request

<CodeGroup>
  ```bash cURL theme={null}
  curl https://api.iqra.ai/api/v1/business/12345 \
    -H "Authorization: Token sk_live_abc123xyz789"
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.iqra.ai/api/v1/business/12345', {
    headers: {
      'Authorization': 'Token sk_live_abc123xyz789'
    }
  });
  ```

  ```python Python theme={null}
  import requests

  headers = {
      'Authorization': 'Token sk_live_abc123xyz789'
  }

  response = requests.get(
      'https://api.iqra.ai/api/v1/business/12345',
      headers=headers
  )
  ```
</CodeGroup>

## Error responses

If authentication fails, you'll receive a response with `Success: false` and an error code:

<ResponseField name="Success" type="boolean">
  Will be `false` for authentication errors
</ResponseField>

<ResponseField name="Code" type="string">
  Error code indicating the type of failure (e.g., `INVALID_API_KEY`, `PERMISSION_DENIED`)
</ResponseField>

<ResponseField name="Message" type="string">
  Human-readable error message describing what went wrong
</ResponseField>

### Common authentication errors

| Code                | Description                                               |
| ------------------- | --------------------------------------------------------- |
| `INVALID_API_KEY`   | The API key is invalid or has been revoked                |
| `PERMISSION_DENIED` | The API key doesn't have access to the requested resource |
| `USER_DISABLED`     | The user account associated with the API key is disabled  |
| `BUSINESS_DISABLED` | The business you're trying to access is disabled          |

## Security best practices

<Warning>
  Never share your API keys or commit them to version control. Treat them like passwords.
</Warning>

* Store API keys securely using environment variables or a secrets manager
* Use different API keys for different environments (development, staging, production)
* Restrict API keys to specific businesses when possible
* Rotate API keys periodically
* Delete unused API keys immediately
* Monitor API key usage for suspicious activity

## Rate limiting

API requests are subject to rate limiting to ensure fair usage. If you exceed the rate limit, you'll receive a `429 Too Many Requests` response. Contact support if you need higher rate limits for your use case.
