
# Authenticate Requests with Saytics API Keys

> Pass your Saytics API key in the Authorization header to authenticate requests. Learn the difference between write keys and secret keys.

Every request to the Saytics API must include your API key. Saytics uses two types of keys depending on where your code runs — one designed for client-side environments and one for server-side use only.

## Key types

**Write key** — Safe to use in browser or mobile client-side code. Write keys can only track events and call `identify()`. They cannot access reports or delete data. Write keys use the prefix `sk_write_`.

**Secret key** — Must never be exposed in client-side code or committed to source control. Secret keys have full API access, including reading reports and deleting users. Secret keys use the prefix `sk_live_`.

## Finding your API keys

<Steps>
  <Step title="Log in to your Saytics dashboard">
    Go to [app.saytics.com](https://app.saytics.com) and sign in to your account.
  </Step>

  <Step title="Open Settings → API Keys">
    Navigate to **Settings** in the sidebar, then select **API Keys**.
  </Step>

  <Step title="Copy the key you need">
    Copy your write key for client-side code, or your secret key for server-side integrations.
  </Step>
</Steps>

## How to authenticate

Pass your key in the `Authorization` header on every request:

```bash
curl -X POST https://api.saytics.com/v1/events \
  -H "Authorization: Bearer sk_live_YOUR_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{ ... }'
```

## Authentication errors

If authentication fails, the API returns a `401` status with one of the following error bodies:

```json
{
  "error": {
    "code": "invalid_key",
    "message": "The provided API key is invalid or revoked."
  }
}
```

```json
{
  "error": {
    "code": "missing_key",
    "message": "Authorization header is required."
  }
}
```

<Warning>
  Never commit API keys to source control. Store them in environment variables and reference them in your code: `process.env.SAYTICS_SECRET_KEY`
</Warning>
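
The following is an added example, not Saytics code: it reads the key from the environment, rejects the wrong key type for the runtime, and scans text such as a staged file or a built client bundle for `sk_live_` keys. The `SAYTICS_WRITE_KEY` variable name, the function names, and the key-body character class are assumptions; this page documents only the two prefixes and `SAYTICS_SECRET_KEY`.

```javascript
// Added example. Prefixes and SAYTICS_SECRET_KEY come from the page;
// SAYTICS_WRITE_KEY and the key-body character class are assumptions.
const SECRET_KEY_RE = /\bsk_live_[A-Za-z0-9_-]+/g;

// Redact a key for logs: keep the prefix, show the last 4 characters only
// when the body is long enough that they do not give the key away.
function redact(key) {
  const prefix = key.startsWith("sk_live_") ? "sk_live_" : "sk_write_";
  const body = key.slice(prefix.length);
  return prefix + "..." + (body.length > 8 ? body.slice(-4) : "");
}

// Read the key for a runtime ("server" or "client") from an env object and
// fail fast on a missing key or the wrong key type. Errors never echo the key.
function loadKey(env, runtime) {
  const server = runtime === "server";
  const name = server ? "SAYTICS_SECRET_KEY" : "SAYTICS_WRITE_KEY";
  const want = server ? "sk_live_" : "sk_write_";
  const key = (env[name] || "").trim();
  if (!key) throw new Error(`${name} is not set`);
  if (!key.startsWith(want)) throw new Error(`${name} must start with ${want}`);
  return key;
}

// Scan text (a staged file, a built client bundle) for secret keys.
// Returns one finding per match: 1-based line number and redacted key.
function findSecretKeys(text) {
  const findings = [];
  text.split("\n").forEach((line, i) => {
    for (const m of line.matchAll(SECRET_KEY_RE)) {
      findings.push({ line: i + 1, key: redact(m[0]) });
    }
  });
  return findings;
}

// Constructed sample: neither value is a real key.
const SAMPLE = [
  'const writeKey = "sk_write_CONSTRUCTEDwrite01";',
  'const auth = "Bearer sk_live_CONSTRUCTEDsecret99";',
].join("\n");

console.log(findSecretKeys(SAMPLE));
```

Run `findSecretKeys` over staged files in a pre-commit hook, or over the built client bundle in CI, and fail the job on any finding.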

## Rotating your API keys

To rotate a key without causing downtime:

1. Create a new key in **Settings → API Keys**.
2. Update your application or environment variables to use the new key.
3. Deploy your changes and verify requests are succeeding.
4. Revoke the old key from the dashboard.

Creating the new key before revoking the old one ensures your integration remains uninterrupted throughout the rotation.
