> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sudoapp.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Headers & Auth

> API Authentication & Headers

Sudo uses **Bearer token** authentication. Every request must include your secret API key in the `Authorization` header:

```
Authorization: Bearer <SUDO_API_KEY>
```

You can create and manage keys within apps from the **Developer Portal → My AI Apps** section.

<Warning>Treat your keys like passwords. Do **not** commit them to version-control or expose them in front-end code.</Warning>

***

## Using an API key

<CodeGroup>
  ```typescript title="JavaScript / TypeScript" theme={null}
  fetch('https://sudoapp.dev/api/v1/chat/completions', {
    method: 'POST',
    headers: {
      Authorization: 'Bearer <SUDO_API_KEY>',
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      model: 'gpt-4o',
      messages: [{ role: 'user', content: 'Hello!' }],
    }),
  });
  ```

  ```python title="Python" theme={null}
  import requests, json

  url = 'https://sudoapp.dev/api/v1/chat/completions'
  headers = {
      'Authorization': 'Bearer <SUDO_API_KEY>',
      'Content-Type': 'application/json',
  }

  payload = {
      'model': 'gpt-4o',
      'messages': [{ 'role': 'user', 'content': 'Hello!' }],
  }

  r = requests.post(url, headers=headers, data=json.dumps(payload))
  print(r.json())
  ```

  ```shell title="curl" theme={null}
  curl https://sudoapp.dev/api/v1/chat/completions \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $SUDO_API_KEY" \
    -d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello!"}]}'
  ```
</CodeGroup>

***

### Rotating or revoking keys

If a key is ever exposed you can disable or delete it from the portal and generate a new one immediately. Requests bearing a revoked key will receive a `401` error.

***

### Minimum headers

Only two headers are required:

| Header          | Example            | Notes    |
| --------------- | ------------------ | -------- |
| `Authorization` | `Bearer sk-abc123` | Required |
| `Content-Type`  | `application/json` | Required |
