> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stigg.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Authenticate REST API requests with Stigg API keys

API keys are used to authenticate requests to the Stigg REST API. Include your key in the `X-API-KEY` header with every request:

```bash theme={null}
curl -X GET "https://api.stigg.io/api/v1/customers" \
  -H "X-API-KEY: your-server-api-key" \
  -H "Content-Type: application/json"
```

The REST API accepts any **server key** — either the default full access key or a user-created scoped key (Scale plan).

### REST SDK

```typescript theme={null}
import Stigg from '@stigg/rest-client';

const stigg = new Stigg({
  apiKey: process.env.STIGG_SERVER_API_KEY,
});
```

### Authentication errors

If the key is missing, invalid, or expired, the API returns `401 Unauthorized`:

```json theme={null}
{
  "error": {
    "code": "UNAUTHENTICATED",
    "message": "Invalid or missing API key"
  }
}
```

If you use a scoped key that lacks permission for the requested resource, the API returns `403 Forbidden`.

## Key management

For key types, creating scoped keys, rotation, revocation, and access control, see the full API key management guide:

<Card title="API key management" icon="key" href="/documentation/managing-your-account/environments/api-keys" horizontal />
