> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getdeckle.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Deckle API.

# Authentication

All API requests require a valid API key passed in the `Authorization` header.

## API Keys

API keys start with `dk_live_` and are created from the [dashboard](https://app.getdeckle.dev/keys).

```bash theme={null}
curl -X POST https://api.getdeckle.dev/v1/generate \
  -H "Authorization: Bearer dk_live_sk_..." \
  -H "Content-Type: application/json" \
  -d '{"html": "<h1>Hello</h1>"}'
```

## SDK Authentication

<CodeGroup>
  ```typescript TypeScript theme={null}
  import { Deckle } from '@getdeckle/sdk';
  const df = new Deckle(process.env.DECKLE_API_KEY);
  ```

  ```python Python theme={null}
  from deckle import Deckle
  df = Deckle("dk_live_...")
  ```
</CodeGroup>

## Security Best Practices

* **Never expose API keys in client-side code** — always use server-side API calls or environment variables
* **Rotate keys regularly** — create new keys and revoke old ones from the dashboard
* **Use separate keys for development and production**
* **Keys are hashed** — we never store your API key in plaintext

## Rate Limits

| Plan       | Rate Limit          |
| ---------- | ------------------- |
| Free       | 10 requests/second  |
| Starter    | 100 requests/second |
| Pro        | 100 requests/second |
| Enterprise | 500 requests/second |

When rate limited, the API returns `429 Too Many Requests` with a `Retry-After` header.
