> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enrichley.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How authentication works for the Enrichley API.

# Authentication

The Enrichley API uses **API keys** to authenticate requests. Every request must include your key in the request headers; requests without a valid key will be rejected.

## Obtaining your API key

1. Log in to the [Enrichley app](https://app.enrichley.io/sign-in).
2. [Upgrade to a paid plan](https://app.enrichley.io/plans) if you haven’t already.
3. Navigate to your [account profile](https://app.enrichley.io/profile).
4. Locate the **API key** section and copy your key.

API keys are generated automatically for paid accounts and can be reused across all of your Enrichley integrations.

## Using your API key

Include your key in every API request using the `X-Api-Key` header:

```bash theme={null}
curl -X POST "https://api.enrichley.io/api/v1/validate-single-email" \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -d '{
    "email": "user@example.com"
  }'
```

All current Enrichley endpoints expect this header:

* **Header name:** `X-Api-Key`
* **Location:** HTTP header
* **Applies to:** all Enrichley API endpoints

## Summary

* You authenticate with a single API key, passed in the `X-Api-Key` header.
* Keys are issued from your Enrichley dashboard for paid plans.
* Every request to the email validation endpoint must include this header.

## Best practices for API key security

1. **Keep it private** – Treat your API key like a password. Do not share it in public repos, support forums, or client-side code.
2. **Use environment variables** – Store keys in environment variables or a secrets manager, not directly in your code.
3. **Rotate if compromised** – If you suspect a key has leaked, regenerate it in your [Enrichley profile](https://app.enrichley.io/profile) and update your services.
4. **Limit access** – Only share the key with services and team members who absolutely need it.
