> ## Documentation Index > Fetch the complete documentation index at: https://docs.timberlogs.dev/llms.txt > Use this file to discover all available pages before exploring further. # Authentication > API key authentication for the Timberlogs API. Timberlogs uses API Keys for authentication. ## API Keys API keys are the recommended method for server-side applications and SDKs. ### Key Format API keys follow the format: `tb_{environment}_{random}` * `tb_live_*` - Production keys * `tb_test_*` - Test/development keys ### Using API Keys Include your API key in the `Authorization` header: ```bash theme={null} curl -X POST https://timberlogs-ingest.enaboapps.workers.dev/v1/logs \ -H "Authorization: Bearer tb_live_xxxxxxxxxxxxx" \ -H "Content-Type: application/json" \ -d '{"logs": [...]}' ``` Or use the `X-API-Key` header: ```bash theme={null} curl -X POST https://timberlogs-ingest.enaboapps.workers.dev/v1/logs \ -H "X-API-Key: tb_live_xxxxxxxxxxxxx" \ -H "Content-Type: application/json" \ -d '{"logs": [...]}' ``` ### Creating API Keys 1. Sign in to [app.timberlogs.dev](https://app.timberlogs.dev) 2. Select your workspace 3. Navigate to **Settings > API Keys** 4. Click **Create API Key** 5. Store the key securely - it's only shown once ### Key Security * Keys are hashed before storage (we never store the raw key) * Use environment variables to store keys in your applications * Rotate keys periodically * Revoke compromised keys immediately ## Error Responses ### 401 Unauthorized ```json theme={null} { "error": "Missing API key" } ``` **How to resolve:** Check that the `Authorization` or `X-API-Key` header is included in your request. ```json theme={null} { "error": "Invalid API key" } ``` **How to resolve:** Verify the key format (`tb_live_*` / `tb_test_*`) and that it was copied correctly. If in doubt, generate a new key in **Settings > API Keys**. ```json theme={null} { "error": "API key has been revoked" } ``` **How to resolve:** This key has been revoked and can no longer be used. Create a new key in the dashboard under **Settings > API Keys**. ```json theme={null} { "error": "API key has expired" } ``` **How to resolve:** This key has expired. Create a new key in the dashboard under **Settings > API Keys**. ### 403 Forbidden ```json theme={null} { "error": "Access denied to workspace" } ``` **How to resolve:** The API key does not have access to the specified workspace. Verify the key belongs to the correct workspace. ```json theme={null} { "error": "User has no workspace" } ``` **How to resolve:** The account associated with this request has no workspace. Create or join a workspace in the dashboard. ### 404 Not Found ```json theme={null} { "error": "Workspace not found" } ``` **How to resolve:** The workspace ID doesn't exist. Double-check the `workspaceId` value in your request. ## Best Practices 1. **Store keys securely** - Never commit API keys to version control 2. **Use different keys per environment** - Separate test and production keys 3. **Rotate keys regularly** - Especially after team changes 4. **Revoke compromised keys immediately** - Generate a new key in the dashboard