> ## Documentation Index
> Fetch the complete documentation index at: https://messages.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> API keys and authenticating requests

## Getting an API key

API keys are created from your [Messages.dev dashboard](https://app.messages.dev).

1. Go to **API Keys** in the sidebar
2. Click **Create Key**
3. Give it a name and copy the key. It starts with `sk_live_` and is only shown once

<Warning>
  Store your API key securely. It won't be displayed again after creation.
  If you lose it, revoke it and create a new one.
</Warning>

## Authenticating requests

<CodeGroup>
  ```typescript TypeScript theme={"theme":{"light":"github-light","dark":"github-dark-high-contrast"}}
  import { createClient } from "@messages-dev/sdk";

  const client = createClient();

  const client = createClient({ apiKey: "sk_live_..." });
  ```

  ```bash curl theme={"theme":{"light":"github-light","dark":"github-dark-high-contrast"}}
  curl https://api.messages.dev/v1/lines \
    -H "Authorization: Bearer sk_live_..."
  ```
</CodeGroup>

## Scopes

Each API key has **scopes** that control which endpoints it can access.

| Scope             | Grants access to                     |
| ----------------- | ------------------------------------ |
| `messages:read`   | GET /messages                        |
| `messages:write`  | POST /messages, POST /audio-messages |
| `chats:read`      | GET /chats                           |
| `lines:read`      | GET /lines                           |
| `reactions:read`  | GET /reactions                       |
| `reactions:write` | POST /reactions                      |
| `typing:read`     | GET /typing                          |
| `typing:write`    | POST /typing                         |
| `receipts:read`   | GET /receipts                        |
| `receipts:write`  | POST /receipts                       |
| `webhooks:read`   | GET /webhooks                        |
| `webhooks:write`  | POST, DELETE /webhooks               |
| `outbox:read`     | GET /outbox                          |
| `files:read`      | GET /files                           |
| `files:write`     | POST /files                          |

## Line restrictions

API keys can be restricted to specific lines. A line-restricted key can only
read and write data for its allowed lines. Requests to other lines return `403`.

This is useful when you have multiple integrations or want to limit blast radius.
You can configure line restrictions when creating a key in the dashboard.

<Info>
  All API keys automatically have access to the [sandbox line](/concepts/sandbox), regardless of line restrictions.
</Info>

## Errors

| Scenario                   | Status | Code                  |
| -------------------------- | ------ | --------------------- |
| No `Authorization` header  | 401    | `missing_api_key`     |
| Invalid or revoked key     | 401    | `invalid_api_key`     |
| Key lacks required scope   | 403    | `insufficient_scope`  |
| Key can't access this line | 403    | `line_not_accessible` |
