> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vepler.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate with the Vepler API

## Overview

The Vepler API uses **API key authentication** for all requests. You must include your API key in the `x-api-key` header of every request.

<Note>
  Keep your API keys secure! Never expose them in client-side code or public repositories.
</Note>

## Obtaining API Keys

<Steps>
  <Step title="Create Account">
    Sign up at [app.vepler.com](https://app.vepler.com)
  </Step>

  <Step title="Navigate to API Keys">
    Go to **Settings → API Keys** in your dashboard
  </Step>

  <Step title="Generate New Key">
    Click **"Create New Key"** and give it a descriptive name
  </Step>

  <Step title="Copy & Secure">
    Copy your key immediately - it won't be shown again
  </Step>
</Steps>

## Making Authenticated Requests

Include your API key in the `x-api-key` header:

<CodeGroup>
  ```typescript TypeScript theme={null}
  import { SDK } from '@vepler/sdk';

  const vepler = new SDK({
    apiKey: process.env.VEPLER_API_KEY
  });

  // Make a request
  const response = await vepler.property.getV1PropertyLocationIds({
    locationIds: 'p_0x000123456789'
  });
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.vepler.com/v1/property/p_0x000123456789', {
    headers: {
      'x-api-key': 'vpr_live_abc123...',
      'Content-Type': 'application/json'
    }
  });

  const result = await response.json();
  ```

  ```bash cURL theme={null}
  curl -X GET "https://api.vepler.com/v1/property/p_0x000123456789" \
    -H "x-api-key: vpr_live_abc123..." \
    -H "Content-Type: application/json"
  ```

  ```python Python theme={null}
  import requests

  headers = {
      'x-api-key': 'vpr_live_abc123...',
      'Content-Type': 'application/json'
  }

  response = requests.get('https://api.vepler.com/v1/property/p_0x000123456789', headers=headers)
  data = response.json()
  ```
</CodeGroup>

## API Key Format

API keys use the prefix `vpr_live_` followed by a unique identifier:

```
vpr_live_sk_1234567890abcdef
```

## Security Best Practices

<AccordionGroup>
  <Accordion title="Environment Variables" icon="file-code">
    Never hardcode API keys. Use environment variables:

    ```typescript theme={null}
    // Don't do this
    const apiKey = 'vpr_live_sk_1234567890';

    // Do this instead
    const apiKey = process.env.VEPLER_API_KEY;
    ```

    ```bash .env theme={null}
    VEPLER_API_KEY=vpr_live_sk_1234567890
    ```
  </Accordion>

  <Accordion title="Key Rotation" icon="arrows-rotate">
    Rotate your API keys regularly:

    1. Generate a new key in the dashboard
    2. Update your application with the new key
    3. Verify the new key works
    4. Delete the old key from the dashboard
  </Accordion>

  <Accordion title="Server-Side Only" icon="server">
    Always make API calls from your server, never from client-side code. Your API key should never be exposed in browser JavaScript, mobile apps, or public repositories.
  </Accordion>
</AccordionGroup>

## Error Handling

Handle authentication errors gracefully:

```typescript theme={null}
try {
  const response = await vepler.property.getV1PropertyLocationIds({
    locationIds: 'p_0x000123456789'
  });

  if (response.errorResponse) {
    console.error('API Error:', response.errorResponse.error);
  }
} catch (error) {
  if (error.statusCode === 401) {
    console.error('Invalid or missing API key');
  } else if (error.statusCode === 403) {
    console.error('Insufficient permissions');
  }
}
```

## Authentication Errors

| Status Code | Description                | Solution                                                             |
| ----------- | -------------------------- | -------------------------------------------------------------------- |
| `401`       | Invalid or missing API key | Check your API key is correct and included in the `x-api-key` header |
| `403`       | Insufficient permissions   | Your API key does not have access to this resource                   |

## Testing Authentication

Verify your setup with a health check endpoint:

<CodeGroup>
  ```typescript TypeScript theme={null}
  import { SDK } from '@vepler/sdk';

  const vepler = new SDK({
    apiKey: process.env.VEPLER_API_KEY
  });

  const health = await vepler.system.getV1PropertyHealth();
  console.log(health);
  ```

  ```bash cURL theme={null}
  curl -X GET "https://api.vepler.com/v1/property/health" \
    -H "x-api-key: YOUR_API_KEY"
  ```
</CodeGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Quick Start" icon="bolt" href="/quickstart">
    Build your first integration
  </Card>

  <Card title="API Reference" icon="book" href="/api-reference/introduction">
    Explore all endpoints
  </Card>

  <Card title="TypeScript SDK" icon="code" href="/sdk/typescript">
    Use the official SDK
  </Card>

  <Card title="Error Handling" icon="circle-exclamation" href="/concepts/errors">
    Handle errors effectively
  </Card>
</CardGroup>
