# Authentication

> Authenticate every request with your API key.

- Canonical: https://tchavi.com/en/docs/authentication

---


All API requests require a valid API key sent in the `Authorization` header:

```bash
Authorization: Bearer YOUR_API_KEY
```

API keys can be created and managed from your [dashboard](/api-keys). Each key is tied to your account's credit balance. You can create multiple keys for different projects.

Keep your API keys secret. Do not share them in client-side code, public repositories, or URLs.

<Callout type="tip">

Store your key in an environment variable and read it at runtime — never hardcode it in source code.

```bash
# .env
TCHAVI_API_KEY="sk-tch_..."

# Node.js
const client = new Tchavi({ apiKey: process.env.TCHAVI_API_KEY });

# Python
import os
client = OpenAI(api_key=os.environ["TCHAVI_API_KEY"], base_url="...")
```

</Callout>