# Authentication

All API requests require an API key sent in the `X-API-Key` header.

- Header name: `X-API-Key`
- Scope: server-to-server only
- Base URL: `https://api.redactpdf.ai`

## Validate your key

Endpoint:

- `GET /v1/me`

Example:

```bash
curl -sS -X GET "https://api.redactpdf.ai/v1/me" \
  -H "X-API-Key: YOUR_API_KEY"
```

Example response:

```json
{
  "user_id": "user_123",
  "email": "you@company.com"
}
```

## Unauthorized response

```json
{
  "error": "Unauthorized",
  "code": "unauthorized",
  "request_id": "req_abc123"
}
```

## Security recommendations

- Keep API keys in server environment variables.
- Use separate keys per environment (dev, staging, prod).
- Rotate keys on a schedule and immediately after suspected leaks.
- Never include API keys in browser JS, mobile apps, or public repos.

## Related pages

- [Jobs API](https://redactpdf.ai/docs/api-reference/jobs.md)
- [Error handling](https://redactpdf.ai/docs/guides/error-handling.md)