> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stateset.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate requests to the StateSet ResponseCX APIs

# Authentication

StateSet ResponseCX provides REST and GraphQL APIs. All requests must be authenticated with an API key.

<Info>
  **Quick Start**

  ```bash theme={null}
  Authorization: Bearer ${STATESET_API_KEY}
  ```
</Info>

## API keys

* **Test keys** (`sk_test_`) for sandbox development
* **Live keys** (`sk_live_`) for production

Create keys in **Dashboard → Settings → API Keys**. Keys are shown only once—store them securely.

<Warning>
  Never expose secret keys in client-side code or public repositories. Use environment variables.
</Warning>

## Using your key

<CodeGroup>
  ```bash cURL theme={null}
  curl https://api.stateset.com/v1/agents \
    -H "Authorization: Bearer ${STATESET_API_KEY}" \
    -H "Content-Type: application/json"
  ```

  ```javascript Node.js theme={null}
  import { StateSetClient } from 'stateset-node';

  const client = new StateSetClient({
    apiKey: process.env.STATESET_API_KEY
  });

  const agents = await client.agents.list();
  ```

  ```python Python theme={null}
  import os
  from stateset import StateSetClient

  client = StateSetClient(api_key=os.getenv("STATESET_API_KEY"))
  agents = client.agents.list()
  ```
</CodeGroup>

## Troubleshooting

* `401 Unauthorized`: missing/invalid key or wrong environment.
* `403 Forbidden`: key lacks required permissions.
