> ## Documentation Index
> Fetch the complete documentation index at: https://docs.streambird.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate your API requests to MoonKey

## Overview

The MoonKey Auth API uses **Bearer token authentication**. All Users, Phone Numbers, Emails, and OTPs are associated with an `App` as the container.

Most endpoints require your App's **Secret API Key**, while certain client-side endpoints (used via SDK) accept a **Public Token** instead.

## API Keys

MoonKey provides two types of API keys:

* **Secret API Keys** (`sk_test_...` or `sk_live_...`) - Used for server-side API calls. Keep these secure and never expose them in client-side code.
* **Public Tokens** - Used for client-side SDK integration. Safe to use in frontend applications.

<Warning>
  Never share your secret API keys in publicly accessible areas such as GitHub, client-side code, or browser inspector.
</Warning>

## Making Authenticated Requests

Include your API key in the `Authorization` header of your requests using the Bearer scheme:

### Header Format

```bash theme={null}
Authorization: Bearer {api_key}
```

### Example Request

```bash theme={null}
curl -X GET https://api.moonkey.fun/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
  -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"
```

### Example with JavaScript

```javascript theme={null}
const response = await fetch('https://api.moonkey.fun/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2', {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r',
    'Content-Type': 'application/json'
  }
});

const data = await response.json();
```

### Example with Python

```python theme={null}
import requests

url = "https://api.moonkey.fun/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2"
headers = {
    "Authorization": "Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r",
    "Content-Type": "application/json"
}

response = requests.get(url, headers=headers)
data = response.json()
```

## Test vs Live Keys

* **Test Keys** (`sk_test_...`) - Use these keys for development and testing. They won't affect production data.
* **Live Keys** (`sk_live_...`) - Use these keys for production. All operations will affect real users and data.

## Getting Your API Keys

You can find your API keys in the MoonKey Dashboard:

1. Log in to your [MoonKey Dashboard](https://dashboard.moonkey.fun)
2. Navigate to **Settings** → **API Keys**
3. Copy your test or live API key
4. Use it in your API requests as shown above

<Tip>
  Rotate your API keys regularly and immediately revoke any keys that may have been compromised.
</Tip>
