# Authentication

> Learn how to authenticate with the StarkFi API

StarkFi API uses API keys to authenticate requests. Include your API key in the `x-api-key` header on every request, including configuration routes such as [`GET /config/products`](/products) and the [Quote](/quote) service. Your API keys carry many privileges, so be sure to keep them secure!

<Info>
  **Base URL:** `https://api.starkfi.io`

  Use the paths exactly as shown in this documentation — for example `GET /yield/strategies`, `POST /payment/register/intents-create-order`.
</Info>

## Getting an API Key

<Steps>
  <Step title="Sign up for StarkFi">
    Create an account at [starkfi.io](https://starkfi.io)

    <Info>
      KYC/KYB is required for **financial transactions** with fiat payment methods. **Checkout (order)** flows and pure **crypto** transactions do not require verification. See [StarkPay overview](/starkpay).
    </Info>
  </Step>

  <Step title="Navigate to Dashboard Account">
    <Info>
      Create your account: follow the link [https://dashboard.starkfi.io](https://dashboard.starkfi.io)
    </Info>

    <Frame>
      <img src="https://mintcdn.com/starkfi/Lu1bDXqeqMESnfq5/images/login-auth-dash.png?fit=max&auto=format&n=Lu1bDXqeqMESnfq5&q=85&s=32cfc3c15279d985f0ac7780a03902df" alt="Login Auth Dash" width="1512" height="1258" data-path="images/login-auth-dash.png" />
    </Frame>
  </Step>

  <Step title="Copy and Store" iconType="duotone">
    Copy your API key immediately - you won’t be able to see it again!

    <Frame>
      <img src="https://mintcdn.com/starkfi/Lu1bDXqeqMESnfq5/images/Screenshot-2026-05-15-at-18.44.55.png?fit=max&auto=format&n=Lu1bDXqeqMESnfq5&q=85&s=1c8b7f5a803f7683c5d23fb1200e21b1" alt="Screenshot 2026 05 15 At 18 44 55" style={{ width: "100%" }} width="1230" height="570" data-path="images/Screenshot-2026-05-15-at-18.44.55.png" />
    </Frame>

    <Frame>
      <img src="https://mintcdn.com/starkfi/Lu1bDXqeqMESnfq5/images/Screenshot-2026-05-15-at-18.45.04.png?fit=max&auto=format&n=Lu1bDXqeqMESnfq5&q=85&s=32222116eb32123f51f389ba17aecd05" alt="Screenshot 2026 05 15 At 18 45 04" title="Screenshot 2026 05 15 At 18 45 04" style={{ width:"49%" }} width="960" height="1068" data-path="images/Screenshot-2026-05-15-at-18.45.04.png" />
    </Frame>

    <Warning>
      **Keep your API keys secure!** Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.
    </Warning>
  </Step>
</Steps>

### Using your API Key

Include your API key in the `x-api-key` header with every request:

<CodeGroup>
  ```javascript Typescript/Javascript theme={null}
  import axios from 'axios'

  const starkfi = axios.create({
    baseURL: 'https://api.starkfi.io',
    headers: {
      'x-api-key': process.env.STARKFI_API_KEY
    }
  })

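  // Make authenticated request (substitute a real payment id for the placeholder)
  const paymentId = 'YOUR_PAYMENT_ID'
  const response = await starkfi.get(`/payment/${encodeURIComponent(paymentId)}/status`)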
  console.log(response.data)
  ```

  ```python Python theme={null}
  import os
  import requests

  session = requests.Session()
  session.headers.update({
      'x-api-key': os.environ['STARKFI_API_KEY']
  })

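  # Make authenticated request; the timeout keeps a stalled connection from hanging the caller
  response = session.get('https://api.starkfi.io/yield/strategies', timeout=10)
  response.raise_for_status()  # surface 403/429 instead of treating an error body as data
  data = response.json()
  print(data)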
  ```

  ```go Go theme={null}
  package main

  import (
    "fmt"
    "net/http"
    "os"
  )

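  func main() {
    client := &http.Client{}
    req, err := http.NewRequest("GET", "https://api.starkfi.io/yield/strategies", nil)
    if err != nil {
      fmt.Fprintln(os.Stderr, "build request:", err)
      os.Exit(1)
    }

    // Set API key header
    req.Header.Set("x-api-key", os.Getenv("STARKFI_API_KEY"))

    resp, err := client.Do(req)
    if err != nil {
      // resp is nil on error, so check before deferring Close
      fmt.Fprintln(os.Stderr, "request failed:", err)
      os.Exit(1)
    }
    defer resp.Body.Close()
    fmt.Println(resp.Status)
  }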
  ```

  ```rust Rust theme={null}
  use reqwest::Client;
  use std::env;

  #[tokio::main]
  async fn main() -> Result<(), reqwest::Error> {
      let api_key = env::var("STARKFI_API_KEY")
          .expect("STARKFI_API_KEY not set");

      let client = Client::new();

      // Make authenticated request
      let response = client
          .get("https://api.starkfi.io/yield/strategies")
          .header("x-api-key", api_key)
          .send().await?
          .json::<serde_json::Value>().await?;

      println!("{:?}", response);
      Ok(())
  }
  ```

  ```php PHP theme={null}
  <?php

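  // getenv() also works when variables_order omits "E" and $_ENV is empty
  $apiKey = getenv('STARKFI_API_KEY');
  if ($apiKey === false || $apiKey === '') {
      exit('STARKFI_API_KEY not set');
  }

  $ch = curl_init('https://api.starkfi.io/yield/strategies');
  curl_setopt_array($ch, [
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_HTTPHEADER     => [
          'x-api-key: ' . $apiKey,
          'Content-Type: application/json'
      ]
  ]);

  // Make authenticated request; curl_exec() returns false on transport errors
  $raw = curl_exec($ch);
  if ($raw === false) {
      exit('Request failed: ' . curl_error($ch));
  }
  curl_close($ch);

  $response = json_decode($raw, true);
  var_dump($response);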
  ```
</CodeGroup>

<Note>
  Store your API key in a secure server-side environment variable (e.g. `STARKFI_API_KEY`). Do not expose it in frontend code or commit it to git.
</Note>

### Common API Response Errors

<AccordionGroup>
  <Accordion title="Rate Limits">
    ### Rate Limits

    API keys are subject to rate limits to ensure fair usage:

    <Card title="Rate limits" icon="timer">
      * **600 requests per minute** per API key
      * **Unlimited** number of requests **per month**.
    </Card>

    ### Handling Rate Limits

    When you exceed the rate limit, you’ll receive a `429 Too Many Requests` response:

    ```json theme={null}
    {
      "code": 429,
      "message": "Too many requests. The limit is 600 request per minute and 10 requests per second.",
      "docs": "https://docs.starkfi.io/"
    }
    ```
  </Accordion>

  <Accordion title="Unauthorized or API Key Invalid">
    #### Unauthorized or API Key Invalid

    Your request was rejected by the server. This error can have multiple causes:

    1. Invalid or expired API key

       The API key provided may be incorrect, expired, or revoked. Verify that your key is active in the dashboard.

    2. Wrong header format

       The API key must be sent in the request header exactly as:

       `x-api-key: YOUR_KEY`

       Any variation (e.g. `Authorization`, `api_key`, `X-API-Key`) will result in this error.

    ```json theme={null}
    {
      "code": 403,
      "message": "Access denied. A valid API Key is required.",
      "docs": "https://docs.starkfi.io/"
    }
    ```
  </Accordion>
</AccordionGroup>
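
The two error responses above call for opposite client behaviour: a `429` is worth retrying after a pause, while a `403` will keep failing until the key or header is fixed. The following is an added example, not StarkFi's own code; `MinuteWindow`, `call_with_backoff`, `AuthError` and `fake_send_factory` are hypothetical names, and the backoff parameters are assumptions, since this page documents no retry guidance.

```python
import collections
import random
import time

LIMIT_PER_MINUTE = 600  # per API key, from the rate-limit card on this page

class AuthError(Exception):
    """403: the key or header is wrong, so retrying cannot help."""

class MinuteWindow:
    """Client-side sliding window that keeps one key under the per-minute limit."""
    def __init__(self, limit=LIMIT_PER_MINUTE, window=60.0):
        self.limit, self.window = limit, window
        self.sent = collections.deque()  # timestamps of sends still inside the window

    def wait_time(self, now):
        """Return seconds to wait before sending at `now`; 0.0 also records the send."""
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()
        if len(self.sent) < self.limit:
            self.sent.append(now)
            return 0.0
        return self.window - (now - self.sent[0])

def call_with_backoff(send, max_attempts=5, base=1.0, cap=60.0,
                      sleep=time.sleep, jitter=random.random):
    """send() -> (status, body). Retry 429 with jittered backoff; fail fast on 403."""
    for attempt in range(max_attempts):
        status, body = send()
        if status == 403:
            # Report the server's message only; never put the key in errors or logs.
            raise AuthError(body.get("message", "access denied"))
        if status != 429:
            return status, body
        if attempt < max_attempts - 1:
            sleep(min(cap, base * 2 ** attempt) * jitter())
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")

# Constructed responses, shaped like the error bodies shown on this page.
def fake_send_factory(statuses):
    queue = collections.deque(statuses)
    def send():
        status = queue.popleft()
        return status, {"code": status, "message": "constructed sample"}
    return send
```

In real use, `send` would wrap one request made with the `x-api-key` header, and `MinuteWindow.wait_time(time.monotonic())` would be consulted before each call.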
