> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enrow.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate Enrow API requests with your API key in the x-api-key header

The Enrow API uses API key authentication. Every request must include your API key in the `x-api-key` header. There are no OAuth flows or bearer tokens to manage — one API key authenticates every endpoint.

## How do I get my API key?

1. Sign up at [app.enrow.io](https://app.enrow.io)
2. Click **API** in the left menu
3. Copy your API key

<Warning>
  Keep your API key secure and never commit it to version control. Treat it like a password. If a key is ever exposed, rotate it — see [Best practices](#best-practices).
</Warning>

## How do I authenticate a request?

Include your API key in the `x-api-key` header on every request:

<CodeGroup>
  ```bash cURL theme={null}
  curl --request POST \
    --url https://api.enrow.io/email/find/single \
    --header 'Content-Type: application/json' \
    --header 'x-api-key: YOUR_API_KEY' \
    --data '{
      "fullname": "John Doe",
      "company_domain": "example.com"
    }'
  ```

  ```javascript Node.js theme={null}
  const response = await fetch('https://api.enrow.io/email/find/single', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'x-api-key': 'YOUR_API_KEY'
    },
    body: JSON.stringify({
      fullname: 'John Doe',
      company_domain: 'example.com'
    })
  });

  const data = await response.json();
  ```

  ```python Python theme={null}
  import requests

  url = "https://api.enrow.io/email/find/single"
  headers = {
      "Content-Type": "application/json",
      "x-api-key": "YOUR_API_KEY"
  }
  payload = {
      "fullname": "John Doe",
      "company_domain": "example.com"
  }

  response = requests.post(url, json=payload, headers=headers)
  data = response.json()
  ```
</CodeGroup>

The same `x-api-key` header works for every endpoint — [Email Finder](/api-reference/email-finder/find-single), [Email Verifier](/api-reference/email-verifier/verify-single), [Phone Finder](/api-reference/phone/find-single), and [Account info](/api-reference/account/info).

## Why am I getting a 401 error?

A `401 Unauthorized` response means your API key is missing or invalid.

If the API key is invalid, you'll receive:

```json theme={null}
{
  "message": "This apikey is not valid"
}
```

If no API key is provided, the `message` is instead `"No apikey found in the x-api-key headers"`.

For the complete list of status codes and error formats, see [Status codes](/status-codes) and [Error handling](/error-handling).

## How do I check my account and credits?

You can retrieve your account information (credits balance and registered webhooks) using the same `x-api-key` header — no body payload is needed:

```bash theme={null}
curl https://api.enrow.io/account/info \
  -H "x-api-key: YOUR_API_KEY"
```

```json Response theme={null}
{
  "credits": 8500,
  "webhooks": ["https://your-app.com/webhooks/enrow"]
}
```

To understand how credits are consumed per endpoint, see [Credits & billing](/credits-billing).

## Best practices

<AccordionGroup>
  <Accordion title="Use Environment Variables">
    Store your API key in environment variables rather than hardcoding it:

    ```bash theme={null}
    export ENROW_API_KEY="your_api_key_here"
    ```
  </Accordion>

  <Accordion title="Rotate Keys Regularly">
    For enhanced security, rotate your API keys periodically and revoke unused keys.
  </Accordion>

  <Accordion title="Use Different Keys for Different Environments">
    Create separate API keys for development, staging, and production environments.
  </Accordion>
</AccordionGroup>

## Next steps

<CardGroup cols={2}>
  <Card title="Find an email" icon="envelope" href="/api-reference/email-finder/find-single">
    Search for a professional email address from a name and company.
  </Card>

  <Card title="Verify an email" icon="circle-check" href="/api-reference/email-verifier/verify-single">
    Check whether an email address is valid and deliverable.
  </Card>

  <Card title="Credits & billing" icon="coins" href="/credits-billing">
    See how credits are consumed for each endpoint.
  </Card>

  <Card title="Rate limits" icon="gauge-high" href="/rate-limits">
    Understand the API request limits before scaling up.
  </Card>
</CardGroup>
