> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neyrs.cloud/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate with the Neyrs API

All API requests require authentication via Bearer token in the Authorization header.

## API Keys

Generate API keys from the Developer Dashboard at docs.neyrs.cloud/dashboard

### Key Format

```
neyrs_live_abc123def456
neyrs_test_xyz789ghi012
```

* `live_` prefix for production keys
* `test_` prefix for development keys

### Using API Keys

Include the API key in the Authorization header:

```bash theme={null}
curl --request GET \
  --url https://api.neyrs.cloud/v1/analytics/metrics \
  --header 'Authorization: Bearer neyrs_live_abc123def456'
```

## Key Management

### Creating Keys

```bash theme={null}
POST /v1/keys
```

```json theme={null}
{
  "name": "Production API Key",
  "scopes": ["read:portfolio", "write:messages"],
  "expiresAt": "2025-03-08T00:00:00Z"
}
```

### Revoking Keys

```bash theme={null}
DELETE /v1/keys/{keyId}
```

### Rotating Keys

```bash theme={null}
POST /v1/keys/{keyId}/rotate
```

Returns a new key while keeping the old key active for 24 hours.

## Scopes

Control API access with granular scopes:

| Scope            | Description                       |
| ---------------- | --------------------------------- |
| `read:portfolio` | View wallet balances and holdings |
| `read:messages`  | View message history              |
| `write:messages` | Send messages to agent            |
| `write:sessions` | Create and manage sessions        |
| `read:prices`    | Access token price data           |
| `admin`          | Full account access               |

## Security Best Practices

### Environment Variables

```typescript theme={null}
const neyrs = new NeyrsSDK({
  apiKey: process.env.NEYRS_API_KEY
});
```

### Key Rotation

Rotate keys every 90 days for security.

### Least Privilege

Grant only required scopes to each key.

### Monitoring

Monitor key usage in the dashboard for suspicious activity.

<Warning>
  Never expose API keys in client-side code, public repositories, or logs. If a key is compromised, revoke it immediately.
</Warning>

<Note>
  Test keys are limited to 100 requests per day and can only interact with Solana devnet.
</Note>
