> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stigg.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Authenticate GraphQL API requests with Stigg API keys

API keys are used to authenticate requests to the Stigg GraphQL API. Include your key in the `X-API-Key` header with every request:

```bash theme={null}
curl -X POST https://api.stigg.io/graphql \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{"query": "{ customers { edges { node { customerId name } } } }"}'
```

The GraphQL API accepts any **server key** — either the default full access key or a user-created scoped key.

<Note>
  Scoped API keys are available on the Scale plan. Without them, only the default full access and publishable keys are available.
</Note>

### Authentication errors

If the key is missing, invalid, or expired, the API returns `401 Unauthorized`. If you use a scoped key that lacks permission for the requested operation, the API returns `403 Forbidden`.

## Key management

For key types, creating scoped keys, rotation, revocation, and access control, see the full API key management guide:

<Card title="API key management" icon="key" href="/documentation/managing-your-account/environments/api-keys" horizontal />
