> ## Documentation Index
> Fetch the complete documentation index at: https://docs.behaviq.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

BehavIQ uses bearer tokens for protected endpoints.

```text theme={null}
Authorization: Bearer YOUR_API_KEY
```

## Public endpoints

These endpoints do not require a key:

* `GET /v1/bots`
* `GET /v1/audio/voices`

Everything else in the public API requires a valid key.

## Workspace-scoped keys

API keys belong to a workspace. Usage is recorded against that workspace.

* credit-balance workspaces share one workspace credit balance
* enterprise pooled workspaces use included workspace usage before credits
* enterprise per-user workspaces use credits for API key traffic
* API key caps apply to API key traffic
* usage reporting is shared at the workspace level
* revoking a key cuts off access for anything using that key

## Creating and rotating keys

Create keys in `Settings -> API Access`.

* keys are only shown once
* store them somewhere secure
* rotate them if a service changes hands
* revoke old keys instead of leaving them around

## Common auth failures

* `401` means the key is missing or invalid
* `403` usually means the key is valid but not allowed to call that endpoint

The [errors page](/errors) has the usual failure patterns and retry guidance.
