> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sparqle.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate every request with your Sparqle API key.

The Sparqle API authenticates requests with an **API key** sent in the `api-key`
HTTP header.

```bash theme={null}
curl https://staging-v2.sparqle.tech/orders/label/SPQ-10293 \
  -H "api-key: YOUR_API_KEY"
```

Each key is scoped to one environment and to the location(s) it was issued for.
Keys can be found in the settings of the sparqle dashboard. If your organisation does not have access yet, request access at
[support@sparqle.com](mailto:support@sparqle.com).

<Warning>
  Treat your API key like a password. Never embed it in client-side code, mobile
  apps, or public repositories. Make all Sparqle API calls from your backend.
</Warning>

## Test vs. live keys

You get a separate key per environment. A test key only works against the test
base URL, and a live key only works against the live base URL. See
[Environments](/environments) for the URLs.

| Environment | Header                | Base URL                          |
| ----------- | --------------------- | --------------------------------- |
| Test        | `api-key: <test key>` | `https://staging-v2.sparqle.tech` |
| Live        | `api-key: <live key>` | `https://v2.sparqle.com`          |

## Failed authentication

A missing, malformed, or revoked key returns `401 Unauthorized`. Using a valid
key against a `locationId` it isn't allowed to access returns `403 Forbidden`.
See [Errors](/errors) for the full list.