> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bitrace.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Bitrace AML API

# Authentication

All Bitrace AML API requests require authentication using an API key.

## API Key

You authenticate requests by including your API key in the `X-Access-Key` header.

<Warning>
  Keep your API key secure! Never share it in public repositories or client-side code.
</Warning>

## Making Authenticated Requests

Include your API key in the request header:

```bash theme={null}
curl -X GET 'https://api.bitrace.io/api/v1/tracker/kya/entities?address=0x123&network=eth' \
  --header 'X-Access-Key: YOUR_API_KEY' \
  --header 'Accept: application/json'
```

## Security Best Practices

1. **Environment Variables**: Store your API key in environment variables
   ```bash theme={null}
   export BITRACE_API_KEY="your_api_key_here"
   ```

2. **Never commit API keys**: Add `.env` files to your `.gitignore`

3. **Rotate keys regularly**: Periodically update your API keys

4. **Use different keys for dev/prod**: Use separate API keys for development and production environments

5. **Monitor usage**: Keep track of your API usage to detect any unauthorized access

## Error Handling

If your API key is invalid or missing, you'll receive a `401 Unauthorized` response:

```json theme={null}
{
  "code": 401,
  "msg": "Incorrect API key provided.",
  "status": "ERROR",
  "success": false
}
```

***
