# Authentication The Spexi API uses API key authentication. All requests require a valid API key included in the request header to ensure proper access control and usage tracking. ## Creating an API Key API keys are generated through your Spexi World account dashboard. Each key provides access to imagery collections based on your account permissions. {% stepper %} {% step %} #### Access Account Settings * Log in to [Spexi World](https://world.spexi.com) * Navigate to the **Settings** page using the cog icon in the bottom-left sidebar navigation {% endstep %} {% step %} #### Generate an API Key * Locate the [**API Keys**](https://world.spexi.com/settings/keys) section within Settings * Click **Create New Key** * Provide a descriptive name for your API key to distinguish it from other keys in your account * Click **Create Key** {% endstep %} {% step %} #### Secure your API Key After generation, your API key will be displayed once. Copy it immediately and store it securely - the complete key will not be displayed again. {% endstep %} {% endstepper %} ## Using Your API Key Include your API key in the `x-api-key` header of every request: ``` x-api-key: YOUR_API_KEY ``` #### Example Request ```bash curl -H "x-api-key: YOUR_API_KEY" \ "https://world.spexi.com/developer-api/api/v1/image?p=-123.1216,49.2827,100" ``` Replace `YOUR_API_KEY` with your actual API key value. ### Security Best Practices Proper API key management is essential for maintaining account security and preventing unauthorized access. #### Key Storage * Store API keys in environment variables or secure credential management systems * Never commit API keys to version control repositories * Avoid embedding keys directly in client-side code or public applications #### Key Management * Use descriptive names to identify the purpose of each key * Rotate keys periodically to enhance security #### Key Compromise If an API key is compromised or accidentally exposed: 1. Return to the API Keys section in Settings 2. Delete the compromised key immediately 3. Generate a new replacement key 4. Update all applications using the previous key ### Key Limitations API keys inherit the access permissions of your Spexi World account. Available imagery collections and usage limits are determined by your account tier and geographic access rights. ## Troubleshooting #### Common Authentication Errors **401 Unauthorized**: Indicates an invalid or missing API key * Verify the `x-api-key` header is included in your request * Confirm the key has not been deleted or deactivated * Check for extra spaces or characters in the key value **403 Forbidden**: API key is valid but lacks permission for the requested resource * Verify your account has access to the specified collection * Contact support if you believe you should have access to the requested data --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://learn.spexi.com/api-reference/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.