> ## Documentation Index
> Fetch the complete documentation index at: https://docs.creao.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate CREAO Developer API requests with server-side Account API keys.

## Account API keys

Developer API requests use Account API keys from [Developer Console](https://developer.creao.ai/). Keys start with `cr_sk_` and authenticate only the public `/v1/*` API.

```http theme={null}
Authorization: Bearer cr_sk_your_key_here
```

<Note>
  This page covers Developer Platform Account API keys. App-scoped API Trigger keys are created from an agent detail page in `agent.creao.ai`, start with `capi_`, and authenticate the app-scoped `agent.creao.ai/api/v1/apps/{appId}/runs` route. See [API Paths](/api-reference/api-paths) for the comparison.
</Note>

<Warning>
  Account API keys are server-side secrets. Do not put them in browser frontend code, mobile apps, public repositories, client logs, or analytics events.
</Warning>

## Create a key

<Steps>
  <Step title="Open Developer Console">
    Go to [developer.creao.ai](https://developer.creao.ai/) with the CREAO account that owns the agents you want to run.
  </Step>

  <Step title="Create an Account API key">
    Open **API Keys**, create a key, and store it immediately. The full key is shown only once.
  </Step>

  <Step title="Copy an agent ID">
    Create a personal agent with `POST /v1/agents`, or open **Agents** and copy the `agent_id` for an active personal agent. Developer Platform runs agents you own in CREAO.
  </Step>
</Steps>

## Scope

Account API keys can create, edit, and run personal agents owned by the same CREAO account. They cannot create or edit team agents, manage files, manage schedules, publish to Agent Store, access Console session APIs, or authenticate internal CREAO routes.

If a key is missing, malformed, revoked, or unknown, the API returns:

```json theme={null}
{ "error": "AUTHENTICATION_REQUIRED" }
```

## Backend example

```javascript Node.js theme={null}
const response = await fetch("https://developer.creao.ai/v1/runs", {
  method: "POST",
  headers: {
    Authorization: `Bearer ${process.env.CREAO_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    agent_id: "00000000-0000-4000-8000-000000000000",
    input: { query: "Summarize this customer feedback export" },
  }),
});

const run = await response.json();
```

## Key rotation

Create a new key, update your backend secret store, deploy the new value, then revoke the old key in Developer Console. Revoked keys cannot be restored.
