> ## Documentation Index
> Fetch the complete documentation index at: https://docs.posthook.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate your API requests

The Posthook API uses API keys to authenticate requests. You can view and manage your API keys in the **Settings** page of your project in the [Dashboard](https://posthook.io/app/home).

## X-API-Key Header

Authenticate requests using the `X-API-Key` header.

```bash theme={null}
X-API-Key: <YOUR_API_KEY>
```

<Note>
  **Project Scoping**: Each API Key is tied to a **specific project**. All API requests are automatically scoped to that project. You cannot access resources from Project B while using an API Key from Project A.
</Note>

<Warning>
  Although some APIs use `Authorization: Bearer <token>`, Posthook expects the key directly in the `X-API-Key` header.
</Warning>

## Example Request

```bash theme={null}
curl "https://api.posthook.io/v1/hooks" \
  -H "X-API-Key: phk_test_..." \
  -H "Content-Type: application/json"
```

## Using the SDK

The official SDKs handle authentication automatically. Pass your API key when creating the client — no need to set headers manually.

<CodeGroup>
  ```typescript TypeScript theme={null}
  import Posthook from '@posthook/node';

  const posthook = new Posthook('phk_your_api_key');

  // All requests are automatically authenticated
  const hook = await posthook.hooks.schedule({
    path: '/webhooks/remind',
    postIn: '5m',
    data: { userId: '123' }
  });
  ```

  ```python Python theme={null}
  from posthook import Posthook

  client = Posthook("phk_your_api_key")

  # All requests are automatically authenticated
  hook = client.hooks.schedule(
      "/webhooks/remind",
      post_in="5m",
      data={"userId": "123"}
  )
  ```

  ```go Go theme={null}
  import "github.com/posthook/posthook-go"

  client, err := posthook.NewClient("phk_your_api_key")

  // All requests are automatically authenticated
  hook, _, err := client.Hooks.Schedule(ctx, &posthook.HookScheduleParams{
      Path:   "/webhooks/remind",
      PostIn: "5m",
      Data:   map[string]string{"userId": "123"},
  })
  ```
</CodeGroup>

<Tip>
  You can also set the `POSTHOOK_API_KEY` environment variable instead of passing the key directly.
</Tip>

Your API keys carry significant privileges, so keep them secure. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.
