> ## Documentation Index
> Fetch the complete documentation index at: https://docs.heychocolate.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> API authentication reference for the Hey Chocolate GraphQL API.

## Authentication header

Include your API key in the `X-API-Key` header:

```bash theme={null}
curl -X POST https://api.heychocolate.com/graphql \
  -H "Content-Type: application/json" \
  -H "X-API-Key: sk_live_your_key_here" \
  -d '{"query": "{ me { id name tier } }"}'
```

## Verifying your key

```graphql theme={null}
query {
  me {
    id
    name
    email
    organization {
      id
      name
      tier
    }
    apiKey {
      prefix
      createdAt
      lastUsedAt
      permissions
    }
  }
}
```

## Error responses

### Missing API key

```json theme={null}
{
  "errors": [
    {
      "message": "Authentication required. Provide a valid API key via the X-API-Key header.",
      "extensions": { "code": "UNAUTHENTICATED" }
    }
  ]
}
```

### Invalid API key

```json theme={null}
{
  "errors": [
    {
      "message": "Invalid API key.",
      "extensions": { "code": "INVALID_API_KEY" }
    }
  ]
}
```

### Insufficient permissions

```json theme={null}
{
  "errors": [
    {
      "message": "Your API key does not have permission to access this resource. Required tier: Growth",
      "extensions": { "code": "FORBIDDEN", "requiredTier": "GROWTH" }
    }
  ]
}
```

## Key prefixes

| Prefix        | Environment |
| ------------- | ----------- |
| `sk_live_`    | Production  |
| `sk_sandbox_` | Sandbox     |

For detailed authentication setup, see the [Authentication Guide](/platform/authentication).
