> ## Documentation Index
> Fetch the complete documentation index at: https://docs.supertoneapi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> All Supertone API requests authenticate with an API key sent in the `x-sup-api-key` header.

The Supertone API uses an API-key authentication scheme with a custom header.

## Header

```http theme={"dark"}
x-sup-api-key: <YOUR_API_KEY>
```

Include this header on every request. Missing or invalid keys return `401 Unauthorized`; keys without permission for the resource return `403 Forbidden`.

## Issue a key

Sign in at the [developer console](https://console.supertoneapi.com) and create a new key. You can have up to **3 active keys per account**; revoke and reissue from the console at any time.

## Example

```bash theme={"dark"}
curl https://supertoneapi.com/v1/voices \
  -H "x-sup-api-key: $SUPERTONE_API_KEY"
```

## Authentication errors

| Status             | Cause                                                                                                     |
| ------------------ | --------------------------------------------------------------------------------------------------------- |
| `401 Unauthorized` | Missing, malformed, or revoked API key.                                                                   |
| `403 Forbidden`    | Valid key, but no permission for the resource (e.g. calling a custom voice owned by a different account). |

For the full error catalog and recommended responses, see [Error handling](/en/docs/production/error-handling).

## See also

<CardGroup cols={2}>
  <Card title="Docs: Authentication" icon="key" href="/en/docs/authentication">
    Setup walkthrough, env-var conventions, and security checklist.
  </Card>

  <Card title="Quickstart" icon="rocket" href="/en/docs/quickstart">
    Set your key and make your first call in five minutes.
  </Card>
</CardGroup>
