
# API Authentication

> Secure authentication for Steer AI REST APIs

## Authentication Overview

Steer AI uses API key-based authentication with Bearer tokens. All API requests must include a valid API key in the Authorization header.

## Getting API Keys

### Development Keys

1. Sign up for a free account at [dashboard.steerai.autos](https://dashboard.steerai.autos)
2. Navigate to **Settings** → **API Keys**
3. Click **Generate Development Key**
4. Copy and securely store your key

### Production Keys

1. Upgrade to a paid plan
2. Navigate to **Settings** → **API Keys**
3. Click **Generate Production Key**
4. Copy and securely store your key

## Authentication Methods

### Bearer Token (Recommended)

```bash
curl -X GET "https://api.steerai.autos/v1/inspections" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"
```

### Query Parameter (Not Recommended)

```bash
curl -X GET "https://api.steerai.autos/v1/inspections?api_key=YOUR_API_KEY"
```

<Warning>
  **Security Warning:** Query parameter authentication exposes your API key in server logs and browser history. Use header authentication in production.
</Warning>
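
The warning above in practice, as an added example that is not part of the Steer AI documentation or SDK: it masks `api_key` values before a URL is logged and scans access-log lines for keys already leaked through the query string. The function names and the sample log lines are constructed for illustration; the `dev_`/`prod_` prefixes are the ones this page uses.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SENSITIVE_PARAMS = {"api_key"}  # parameter name from the query-string example above

# Captures "?api_key=" / "&api_key=" and the value that follows it in a log line.
_LEAK_RE = re.compile(r'([?&]api_key=)([^&\s"]+)', re.IGNORECASE)


def redact_url(url: str) -> str:
    """Mask sensitive query parameter values before a URL is logged or reported."""
    parts = urlsplit(url)
    query = [
        (name, "REDACTED" if name.lower() in SENSITIVE_PARAMS else value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(query)))


def key_environment(value: str) -> str:
    """Infer which key needs rotating from the dev_/prod_ prefix convention."""
    if value.startswith("prod_"):
        return "production"
    if value.startswith("dev_"):
        return "development"
    return "unknown"


def scan_log(lines):
    """Return (findings, scrubbed_lines); findings are (line_no, environment).

    The key value itself is never returned, only the environment it belongs to.
    """
    findings, scrubbed = [], []
    for line_no, line in enumerate(lines, start=1):
        match = _LEAK_RE.search(line)
        if match:
            findings.append((line_no, key_environment(match.group(2))))
        scrubbed.append(_LEAK_RE.sub(r"\1REDACTED", line))
    return findings, scrubbed


# Constructed access-log lines (documentation IP ranges, placeholder keys).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /v1/inspections?api_key=prod_PLACEHOLDER0001 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /v1/inspections HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /v1/account?page=2&api_key=dev_PLACEHOLDER0002 HTTP/1.1" 200 98',
]
```

Any key that `scan_log` reports should be treated as compromised and revoked, since it has already been written to the log.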

## SDK Authentication

### Python

```python
from steer_ai import SteerAI
import os

# Using environment variable (recommended)
client = SteerAI(api_key=os.getenv("STEER_AI_API_KEY"))

# Direct assignment (not recommended for production)
client = SteerAI(api_key="your_api_key_here")
```

### JavaScript/Node.js

```javascript
import { SteerAI } from '@steerai/sdk';

// Using environment variable (recommended)
const client = new SteerAI({
  apiKey: process.env.STEER_AI_API_KEY
});

// Using config object (alternative to the client above; named differently
// so both declarations can coexist in one file)
const configuredClient = new SteerAI({
  apiKey: 'your_api_key_here',
  environment: 'production' // or 'sandbox'
});
```

## Environment Configuration

### Environment Variables

```bash
# .env file
STEER_AI_API_KEY=your_api_key_here
STEER_AI_BASE_URL=https://api.steerai.autos/v1
STEER_AI_ENVIRONMENT=production
```

### Multiple Environment Setup

```bash
# Development
STEER_AI_DEV_API_KEY=dev_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
STEER_AI_DEV_BASE_URL=https://api-sandbox.steerai.autos/v1

# Production
STEER_AI_PROD_API_KEY=prod_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
STEER_AI_PROD_BASE_URL=https://api.steerai.autos/v1
```
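
A client-side guard for the setup above, as an added example that is not part of the Steer AI SDK: it loads the credentials for one environment and refuses to start if the key prefix or base URL does not match it, so a development key is never sent to production or the reverse. `load_credentials` and `ConfigError` are hypothetical names; the variable names, prefixes and hosts are taken from this page.

```python
import os
from urllib.parse import urlsplit

# Variable names, key prefixes and hosts as shown on this page.
ENVIRONMENTS = {
    "development": ("STEER_AI_DEV", "dev_", "api-sandbox.steerai.autos"),
    "production": ("STEER_AI_PROD", "prod_", "api.steerai.autos"),
}


class ConfigError(RuntimeError):
    """Raised when credentials are missing or do not match the environment."""


def load_credentials(environment, env=None):
    """Return {'api_key', 'base_url'} for one environment, or raise ConfigError.

    Error messages name the variable at fault but never echo the key value.
    """
    env = os.environ if env is None else env
    if environment not in ENVIRONMENTS:
        raise ConfigError(f"unknown environment {environment!r}")
    var_prefix, key_prefix, expected_host = ENVIRONMENTS[environment]
    key_var, url_var = f"{var_prefix}_API_KEY", f"{var_prefix}_BASE_URL"

    api_key = env.get(key_var, "").strip()
    if not api_key:
        raise ConfigError(f"{key_var} is not set")
    if not api_key.startswith(key_prefix):
        raise ConfigError(f"{key_var} does not start with {key_prefix!r}")

    base_url = env.get(url_var, "").strip()
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        raise ConfigError(f"{url_var} must use https")
    if parts.hostname != expected_host:
        raise ConfigError(f"{url_var} host is not {expected_host}")
    return {"api_key": api_key, "base_url": base_url}
```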

## Testing Authentication

### Quick Test Endpoint

```bash
curl -X GET "https://api.steerai.autos/v1/auth/test" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

**Successful Response:**

```json
{
  "status": "success",
  "data": {
    "authenticated": true,
    "account_id": "acc_1234567890",
    "plan": "professional",
    "permissions": ["inspections:read", "inspections:write"]
  }
}
```

### Account Information

```bash
curl -X GET "https://api.steerai.autos/v1/account" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

## Security Best Practices

<AccordionGroup>
  <Accordion icon="key" title="API Key Management">
    • Store keys in environment variables, never in code
    • Use different keys for development and production
    • Rotate keys every 90 days
    • Revoke compromised keys immediately
    • Use key prefixes to identify environments (dev\_, prod\_)
  </Accordion>

  <Accordion icon="shield" title="Network Security">
    • Always use HTTPS for API requests
    • Validate SSL certificates
    • Implement IP whitelisting when possible
    • Use VPN or private networks for sensitive operations
  </Accordion>

  <Accordion icon="eye" title="Access Control">
    • Limit API key permissions to minimum required
    • Use separate keys for different applications
    • Monitor API usage for unusual patterns
    • Implement proper logging and alerting
  </Accordion>
</AccordionGroup>

## Error Responses

### Invalid API Key

```json
{
  "status": "error",
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or has been revoked",
    "type": "authentication_error"
  }
}
```

### Missing API Key

```json
{
  "status": "error",
  "error": {
    "code": "MISSING_API_KEY",
    "message": "API key is required for this endpoint",
    "type": "authentication_error"
  }
}
```

### Insufficient Permissions

```json
{
  "status": "error",
  "error": {
    "code": "INSUFFICIENT_PERMISSIONS",
    "message": "Your API key does not have permission to access this resource",
    "type": "authorization_error"
  }
}
```

## Troubleshooting

### Common Issues

<AccordionGroup>
  <Accordion icon="exclamation-triangle" title="401 Unauthorized">
    **Causes:**
    • Invalid or expired API key
    • Missing Authorization header
    • Incorrect header format

    **Solutions:**
    • Verify API key is correct
    • Check header format: `Authorization: Bearer YOUR_KEY`
    • Regenerate API key if needed
  </Accordion>

  <Accordion icon="ban" title="403 Forbidden">
    **Causes:**
    • API key lacks required permissions
    • Account plan limitations
    • Suspended account

    **Solutions:**
    • Check API key permissions
    • Upgrade plan if needed
    • Contact support for account issues
  </Accordion>

  <Accordion icon="clock" title="Connection Issues">
    **Causes:**
    • Network connectivity problems
    • Firewall blocking requests
    • SSL certificate issues

    **Solutions:**
    • Test network connectivity
    • Check firewall settings
    • Verify SSL certificate validation
  </Accordion>
</AccordionGroup>

## Rate Limiting

Authenticated requests are subject to rate limits based on your plan:

| Plan         | Requests/Hour | Concurrent |
| ------------ | ------------- | ---------- |
| Free         | 1,000         | 5          |
| Starter      | 10,000        | 20         |
| Professional | 100,000       | 100        |
| Enterprise   | Unlimited     | Custom     |

## Need Help?

If you're having authentication issues:

* Check our [troubleshooting guide](/support/troubleshooting)
* Contact support at [support@steerai.autos](mailto:support@steerai.autos)
* Include your account ID (never share your API key)

<Note>
  **Security Note:** Never share your API keys in support requests, code repositories, or public forums. Our support team will never ask for your API keys.
</Note>
