> ## Documentation Index
> Fetch the complete documentation index at: https://docs.markifact.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate Markifact API requests with team-scoped API keys.

The Markifact API uses bearer API keys.

```bash theme={"dark"}
curl https://api.markifact.com/v1/connections \
  -H "Authorization: Bearer YOUR_API_KEY"
```

## API Keys

Team owners can create API keys from the Markifact workspace under **Settings > API Keys**. API keys are scoped to the team that created them and can only access that team's API resources.

<Note>
  API keys are only available on Team plan workspaces. Only the team owner can view, create, and revoke API keys. You can create multiple keys for different integrations or environments, and revoked keys stop working immediately.
</Note>

## Header

Pass the key in the `Authorization` header:

| Header          | Value                 |
| --------------- | --------------------- |
| `Authorization` | `Bearer YOUR_API_KEY` |

## Security Model

API requests are team-contained:

* API keys resolve to a single team.
* Connection list and lookup endpoints return shared connections in that team, plus private connections owned by the user who created the API key.
* Auth link status endpoints only return auth links created by that team.
* Delete endpoints only remove shared connections in that team, or private connections owned by the user who created the API key.
* Connection credentials are never returned.

## Errors

Missing, invalid, expired, revoked, or unauthorized-plan keys return `401`.

```json theme={"dark"}
{
  "detail": "Invalid or revoked API key"
}
```
