> ## Documentation Index
> Fetch the complete documentation index at: https://sleekplan.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# REST API keys

> Create, use, and rotate API keys for the Sleekplan REST API — generated in Settings → Developer and sent as a Bearer token in every request

The REST API uses API key authentication. This page covers creating, using, and rotating keys.

## Create an API key

<Steps>
  <Step title="Open your workspace">
    Log in and open the workspace you want to access via the API.
  </Step>

  <Step title="Go to Settings → Developer">
    Navigate to [Settings → Developer](https://app.sleekplan.com/settings/developer).
  </Step>

  <Step title="Copy the API key">
    Copy the API key from the API section.
  </Step>
</Steps>

## Authenticate a request

Include your API key in the `Authorization` header of every request as a Bearer token.

```http theme={"system"}
GET /your-endpoint HTTP/1.1
Host: api.sleekplan.com
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
```

## Rotate a key

Rotating an API key invalidates the previous key immediately. Before rotating, update every server that uses the current key so requests are not interrupted.

<Warning>
  Treat your API key as a secret. Never commit it to version control or include it in client-side code. Anyone who has the key can make requests on behalf of your workspace.
</Warning>

## Scope

An API key carries the permissions of the workspace member who owns it. The API exposes the same data and actions that are available to that user in the dashboard — no more, no less.

<CardGroup cols={2}>
  <Card title="REST API overview" icon="terminal" href="/api/overview">
    Learn about base URLs, rate limits, and response formats.
  </Card>

  <Card title="Authentication overview" icon="key" href="/authentication/overview">
    Explore all authentication methods supported by Sleekplan.
  </Card>
</CardGroup>
