> ## Documentation Index
> Fetch the complete documentation index at: https://docs.steerai.autos/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication & API Keys

> Secure authentication setup for Steer AI APIs and services

## Overview

Steer AI uses API key-based authentication to secure access to our services. All API requests must include a valid API key in the request headers.

## Getting Your API Keys

### 1. Access Your Dashboard

1. Log in to your [Steer AI Dashboard](https://dashboard.steerai.autos)
2. Navigate to **Settings** → **API Keys**
3. Click **Generate New API Key**

### 2. API Key Types

<CardGroup cols={2}>
  <Card title="Development Keys" icon="code">
    • For testing and development
    • Limited rate limits
    • Sandbox environment access
    • Free tier available
  </Card>

  <Card title="Production Keys" icon="shield-check">
    • For live applications
    • Full rate limits
    • Production environment access
    • Requires paid plan
  </Card>
</CardGroup>

## Authentication Methods

### HTTP Header Authentication

Include your API key in the `Authorization` header:

```bash theme={null}
curl -X GET "https://api.steerai.autos/v1/inspections" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"
```

### Query Parameter Authentication

Alternatively, include the API key as a query parameter:

```bash theme={null}
curl -X GET "https://api.steerai.autos/v1/inspections?api_key=YOUR_API_KEY"
```

<Warning>
  **Security Note:** Header authentication is recommended over query parameters to prevent API keys from appearing in server logs.
</Warning>

## Environment Configuration

### Development Environment

```bash theme={null}
# .env file
STEER_AI_API_KEY=dev_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
STEER_AI_BASE_URL=https://api-sandbox.steerai.autos/v1
```

### Production Environment

```bash theme={null}
# .env file
STEER_AI_API_KEY=prod_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
STEER_AI_BASE_URL=https://api.steerai.autos/v1
```

## SDK Authentication

### Python SDK

```python theme={null}
from steer_ai import SteerAI

# Initialize client
client = SteerAI(api_key="YOUR_API_KEY")

# Or using environment variable
import os
client = SteerAI(api_key=os.getenv("STEER_AI_API_KEY"))
```

### JavaScript SDK

```javascript theme={null}
import { SteerAI } from '@steerai/sdk';

// Initialize client
const client = new SteerAI({
  apiKey: 'YOUR_API_KEY'
});

// Or using environment variable
const client = new SteerAI({
  apiKey: process.env.STEER_AI_API_KEY
});
```

## Testing Your Authentication

### Quick Test

Use this endpoint to verify your authentication is working:

```bash theme={null}
curl -X GET "https://api.steerai.autos/v1/auth/test" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

**Expected Response:**

```json theme={null}
{
  "status": "success",
  "message": "Authentication successful",
  "account": {
    "id": "acc_1234567890",
    "name": "Your Company Name",
    "plan": "professional"
  }
}
```

## Security Best Practices

<AccordionGroup>
  <Accordion icon="lock" title="API Key Management">
    • Store API keys in environment variables, never in code
    • Use different keys for development and production
    • Rotate keys regularly (recommended: every 90 days)
    • Immediately revoke compromised keys
  </Accordion>

  <Accordion icon="shield" title="Network Security">
    • Always use HTTPS for API requests
    • Implement proper SSL certificate validation
    • Use IP whitelisting when possible
    • Monitor API usage for unusual patterns
  </Accordion>

  <Accordion icon="eye" title="Access Control">
    • Limit API key permissions to minimum required
    • Use separate keys for different services
    • Implement proper error handling
    • Log authentication failures for monitoring
  </Accordion>
</AccordionGroup>

## Rate Limiting

API keys have different rate limits based on your plan:

| Plan             | Requests/Hour | Concurrent Requests |
| ---------------- | ------------- | ------------------- |
| **Free**         | 1,000         | 5                   |
| **Starter**      | 10,000        | 20                  |
| **Professional** | 100,000       | 100                 |
| **Enterprise**   | Unlimited     | Custom              |

## Error Handling

### Common Authentication Errors

```json theme={null}
{
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid",
    "type": "authentication_error"
  }
}
```

```json theme={null}
{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Rate limit exceeded. Try again in 60 seconds",
    "type": "rate_limit_error",
    "retry_after": 60
  }
}
```

### Handling Authentication Errors

```python theme={null}
try:
    response = client.inspections.create(data)
except SteerAIAuthenticationError as e:
    # Handle authentication error
    print(f"Authentication failed: {e.message}")
except SteerAIRateLimitError as e:
    # Handle rate limit
    print(f"Rate limit exceeded. Retry after {e.retry_after} seconds")
```

## Troubleshooting

### API Key Not Working

1. **Verify the key format:** Should start with `dev_` or `prod_`
2. **Check environment:** Ensure you're using the correct base URL
3. **Confirm plan status:** Verify your account is active
4. **Test with curl:** Use the test endpoint above

### Permission Denied

1. **Check key permissions:** Ensure the key has required scopes
2. **Verify plan limits:** Confirm you haven't exceeded usage limits
3. **Review IP restrictions:** Check if IP whitelisting is configured

<Note>
  Need help with authentication? Contact our support team at [support@steerai.autos](mailto:support@steerai.autos) with your account ID (never share your API keys).
</Note>
