> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ecomwize.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Create and manage API keys to authenticate your requests.

All API requests require an API key for authentication. You can create and manage keys from your EcomWize dashboard.

## Create an API key

<Steps>
  <Step title="Open API Keys">
    In your EcomWize dashboard, click **API Keys** in the sidebar.
  </Step>

  <Step title="Click Create API Key">
    Click the **+ Create API Key** button in the top right.
  </Step>

  <Step title="Name your key">
    Give your key a descriptive name (e.g., "Production automation" or "Staging tests").
  </Step>

  <Step title="Choose permission">
    Select the permission level:

    * **Full access** -- can read and edit pages (fill, duplicate)
    * **Read only** -- can only list and retrieve pages
  </Step>

  <Step title="Copy your key">
    Your API key is displayed once. Copy it immediately and store it securely. You will not be able to see it again.
  </Step>
</Steps>

<Warning>
  Never share your API key or commit it to source code. Treat it like a password. If a key is compromised, revoke it immediately from the dashboard and create a new one.
</Warning>

## Using your key

Include your API key in every request using the `Authorization` header:

```bash theme={null}
curl https://app.ecomwize.io/api/v1/pages \
  -H "Authorization: Bearer ew_live_your_key_here"
```

You can also use the `x-api-key` header as an alternative:

```bash theme={null}
curl https://app.ecomwize.io/api/v1/pages \
  -H "x-api-key: ew_live_your_key_here"
```

## Key format

All EcomWize API keys start with the `ew_live_` prefix followed by 32 hexadecimal characters:

```
ew_live_a093d5bd20e6984f13f26a8ba371fe99
```

## Permissions

| Permission      | List pages | Get page | Fill page | Duplicate and fill |
| --------------- | ---------- | -------- | --------- | ------------------ |
| **Full access** | Yes        | Yes      | Yes       | Yes                |
| **Read only**   | Yes        | Yes      | No        | No                 |

If a read-only key is used on a write endpoint, the API returns a `403` error.

## Revoking a key

To revoke an API key:

1. Go to **API Keys** in your dashboard.
2. Click the **...** menu on the key you want to revoke.
3. Click **Revoke Key** and confirm.

Revoked keys stop working immediately. Any integrations using that key will receive a `401` error.

## Security

* API keys are hashed before storage. EcomWize never stores your raw key.
* Failed authentication attempts are rate limited to prevent brute force attacks.
* All API requests are logged with timestamps, IP addresses, and status codes for your security.
