> ## Documentation Index
> Fetch the complete documentation index at: https://help.trykarat.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate requests to the Karat Payout API by passing your API key as a bearer token, and manage keys from the Karat dashboard.

The Payout API authenticates every request with an API key passed as a bearer
token. Requests without a valid key return `401 Unauthorized`.

## Generate an API key

API keys are managed from your Karat dashboard under **Settings**. From there
you can:

* Generate a new key
* View your existing keys
* Revoke a key that may have been compromised

<Warning>
  Your API key is shown only once at creation time. Copy it and store it
  somewhere secure immediately — you can't retrieve it again later.
</Warning>

## Authorize requests

Include your key in the `Authorization` header as a bearer token on every
request:

```bash theme={null}
curl https://payouts.api.trykarat.com/recipients \
  -H "Authorization: Bearer YOUR_API_KEY"
```

## Storing keys securely

* Never commit API keys to source control or embed them in client-side code.
* Load keys from environment variables or a secrets manager.
* Use separate keys for sandbox and production.
* Rotate keys periodically, and revoke any key that may be exposed.

<Note>
  Each key is scoped to the organization and user that created it. Revoking a
  key takes effect immediately for all future requests.
</Note>
