> ## Documentation Index
> Fetch the complete documentation index at: https://docs.argyros.xyz/llms.txt
> Use this file to discover all available pages before exploring further.
# Authentication — API keys & the Authorization header
> Authenticate Argyros API requests with an API key using the Authorization: Bearer header. How to get a key, use it from the SDK, widget, and WebSocket, and keep it secure.
Every request to the Argyros API (`https://api.argyros.xyz`) is authenticated with an API key.
Keys look like `argy_` followed by a long hex string, and you send them in the standard
`Authorization: Bearer` header.
Argyros is **free during beta** — there are no paid tiers yet. You still need a key so we can
apply [rate limits](/api-reference/rate-limits) and keep the service healthy.
## Get an API key
During beta, keys are issued in our community Discord. Join and ask in the
developer channel — keys are granted at no cost.
Join the Argyros Discord and request a key.
Never hard-code a key in source. Keep it in an environment variable:
```bash theme={"theme":"github-dark"}
export ARGYROS_KEY="argy_your_key_here"
```
## Authenticate a request
Send your key in the `Authorization` header on every request:
```bash cURL theme={"theme":"github-dark"}
curl "https://api.argyros.xyz/api/v1/quote?inputMint=So11111111111111111111111111111111111111112&outputMint=uSd2czE61Evaf76RNbq4KPpXnkiL3irdzgLFUMe3NoG&amount=1000000000&swapMode=ExactIn" \
-H "Authorization: Bearer $ARGYROS_KEY"
```
```typescript TypeScript theme={"theme":"github-dark"}
const res = await fetch(
"https://api.argyros.xyz/api/v1/quote?inputMint=So11...&outputMint=uSd2...&amount=1000000000&swapMode=ExactIn",
{ headers: { Authorization: `Bearer ${process.env.ARGYROS_KEY}` } },
);
```
```python Python theme={"theme":"github-dark"}
import os, requests
res = requests.get(
"https://api.argyros.xyz/api/v1/quote",
params={
"inputMint": "So11111111111111111111111111111111111111112",
"outputMint": "uSd2czE61Evaf76RNbq4KPpXnkiL3irdzgLFUMe3NoG",
"amount": "1000000000",
"swapMode": "ExactIn",
},
headers={"Authorization": f"Bearer {os.environ['ARGYROS_KEY']}"},
)
```
## SDK and widget
The [SDK](/sdk/configuration) and [widget](/widget/attributes) take the key directly — you don't
set headers yourself.
```typescript SDK theme={"theme":"github-dark"}
import { ArgyrosSDK } from "@argyros/sdk";
const sdk = new ArgyrosSDK({ apiKey: process.env.ARGYROS_KEY });
```
```html Widget theme={"theme":"github-dark"}
```
## WebSocket streaming
Browsers can't set custom headers on a WebSocket connection, so the streaming endpoint accepts the
key as a `key` query parameter instead:
```text theme={"theme":"github-dark"}
wss://api.argyros.xyz/api/v1/stream?key=argy_your_key_here
```
## Keep your key secret
A key grants access under your account's rate limits. Treat it like a password.
* **Server-side keys stay on the server.** Don't commit keys to git or ship them in a public repo.
* **Browser and widget usage exposes the key** in client code. For client-side embeds, use a key
you've provisioned for that purpose and rotate it if it leaks.
* **Rotate compromised keys** by requesting a new one and retiring the old.
## Errors
A missing or invalid key returns an authentication error:
| Status | Meaning |
| ------------------ | ----------------------------------------- |
| `401 Unauthorized` | No API key was provided. |
| `403 Forbidden` | The key is invalid, disabled, or revoked. |
The SDK surfaces these as `AuthError` — see [SDK error handling](/sdk/error-handling). For
throughput limits and the `429` response, see [Rate limits](/api-reference/rate-limits).