> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tuesday.so/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate your requests to the Tuesday Leads API

## Overview

All requests to the Tuesday Leads API must be authenticated using your unique API key. Authentication is handled through HTTP headers, making it simple to integrate into any application or programming language.

## API Key Authentication

### Getting Your API Key

1. **Sign up** for a Tuesday account at [app.tuesday.so](https://app.tuesday.so)
2. **Navigate** to the API Keys section in your dashboard
3. **Generate** a new API key for your application
4. **Copy** the key and store it securely

<Warning>
  Your API key is sensitive information. Never share it publicly, commit it to version control, or expose it in client-side code.
</Warning>

### How to Authenticate

Include your API key in the `X-API-KEY` header of every request:

<CodeGroup>
  ```bash cURL theme={null}
  curl --location 'https://api.tuesday.so/api/v1/public/auth' \
  --header 'X-API-KEY: your-api-key-here'
  ```

  ```javascript JavaScript theme={null}
  const headers = {
    'X-API-KEY': 'your-api-key-here',
    'Content-Type': 'application/json'
  };

  const response = await fetch('https://api.tuesday.so/api/v1/endpoint', {
    method: 'GET',
    headers: headers
  });
  ```

  ```python Python theme={null}
  import requests

  headers = {
      'X-API-KEY': 'your-api-key-here',
      'Content-Type': 'application/json'
  }

  response = requests.get(
      'https://api.tuesday.so/api/v1/endpoint',
      headers=headers
  )
  ```

  ```php PHP theme={null}
  <?php
  $headers = [
      'X-API-KEY: your-api-key-here',
      'Content-Type: application/json'
  ];

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, 'https://api.tuesday.so/api/v1/endpoint');
  curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

  $response = curl_exec($ch);
  curl_close($ch);
  ?>
  ```
</CodeGroup>

## Testing Authentication

Use the Auth API endpoint to verify your API key is working correctly:

```bash theme={null}
curl --location 'https://api.tuesday.so/api/v1/public/auth' \
--header 'X-API-KEY: your-api-key-here'
```

**Successful Response:**

```json theme={null}
{
    "data": {
        "name": "Your Workspace Name",
        "id": "ws30ngrb03luqxcl27", 
        "user_id": "usr19g6tln8rlii8"
    },
    "statusCode": 200,
    "message": "Success"
}
```

## Authentication Errors

When authentication fails, you'll receive one of these error responses:

### Invalid API Key

```json theme={null}
{
    "statusCode": 401,
    "message": "Unauthorized",
    "error": "Invalid or missing API key"
}
```

### Missing API Key

```json theme={null}
{
    "statusCode": 401,
    "message": "Unauthorized", 
    "error": "API key is required"
}
```

## Best Practices

<AccordionGroup>
  <Accordion title="Secure Storage">
    Store your API keys in environment variables or secure configuration management systems. Never hardcode them in your application.

    ```bash theme={null}
    # Environment variable
    export TUESDAY_API_KEY="your-api-key-here"
    ```

    ```javascript theme={null}
    // In your application
    const apiKey = process.env.TUESDAY_API_KEY;
    ```
  </Accordion>

  <Accordion title="Key Rotation">
    Regularly rotate your API keys for enhanced security. The Tuesday dashboard allows you to generate new keys and deactivate old ones.
  </Accordion>

  <Accordion title="Monitoring Usage">
    Monitor your API key usage through the Tuesday dashboard to track consumption and detect any unusual activity.
  </Accordion>

  <Accordion title="Error Handling">
    Always implement proper error handling for authentication failures in your applications.

    ```javascript theme={null}
    try {
      const response = await fetch(endpoint, { headers });
      
      if (response.status === 401) {
        throw new Error('Invalid API key - check your authentication');
      }
      
      const data = await response.json();
      return data;
    } catch (error) {
      console.error('Authentication error:', error);
    }
    ```
  </Accordion>
</AccordionGroup>

## Environment-Specific Keys

<Tip>
  Consider using different API keys for different environments (development, staging, production) to better isolate usage and maintain security.
</Tip>

## Next Steps

Once you have authentication working:

* Check out [Rate Limits & Credits](/rate-limits-and-credits) to understand usage limits
* Make your first API call with the [People Profile API](/api-reference/people/profile)
* Explore the full [API Reference](/api-reference/auth/check-api-key)
