# Authentication

> Getting started with secure access to the One Codex API

The One Codex API supports two methods of authentication. Only secure connections (HTTPS) are allowed.

### HTTP Basic Auth

Use your API key as the username and an empty password:

<CodeGroup>
  ```shell curl theme={null}
  curl https://app.onecodex.com/api/v1/schema -u "$ONE_CODEX_API_KEY:"
  ```

  ```shell httpie theme={null}
  http --auth "$ONE_CODEX_API_KEY:" https://app.onecodex.com/api/v1/schema
  ```
</CodeGroup>

### API Key Header

Alternatively, you can pass your API key in the `X-API-Key` header:

<CodeGroup>
  ```shell curl theme={null}
  curl https://app.onecodex.com/api/v1/schema -H "X-API-Key: $ONE_CODEX_API_KEY"
  ```

  ```shell httpie theme={null}
  http https://app.onecodex.com/api/v1/schema "X-API-Key:$ONE_CODEX_API_KEY"
  ```
</CodeGroup>

Both methods are equivalent. The API key header approach is what the API playground examples on this site use.

As our API supports access to public samples, projects, and analyses, unauthenticated access *is* permitted and may return empty result sets rather than a `401`. If you see empty result sets, check that you're properly authenticated by accessing a protected resource, e.g., a private Sample owned by your account or the Account info resource ([https://app.onecodex.com/api/v1/account](https://app.onecodex.com/api/v1/account)).

Unauthenticated requests against protected routes will return a `401 Unauthorized`. Unauthorized requests will return a `403 Forbidden`. Unauthenticated or unauthorized requests for a protected resource (i.e., a private sample) may return a `404 Not Found` in order to not expose the existence of private records.

<CodeGroup>
  ```json json theme={null}
  {
      "message": "The server could not verify that you are authorized to access the URL requested.  You either supplied the wrong credentials (e.g. a bad password), or your browser doesn't understand how to supply the credentials required.",
      "status": 401
  }
  ```
</CodeGroup>
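
The authentication check suggested above, as an added shell example that is not part of the One Codex documentation: it requests the protected Account info resource and interprets the status code. The function names, the `ONE_CODEX_BASE_URL` variable, and the expectation that a valid key yields `200` are assumptions of this example.

```shell
# Added example (not One Codex code). Assumption: a valid key gets HTTP 200
# from the protected Account info resource.
ONE_CODEX_BASE_URL="${ONE_CODEX_BASE_URL:-https://app.onecodex.com}"

# Translate the status of a protected-route request into a diagnosis,
# following the 401 / 403 / 404 behaviour described above.
onecodex_explain_status() {
  case "$1" in
    200) echo "authenticated" ;;
    401) echo "unauthenticated: key missing, mistyped or revoked" ;;
    403) echo "forbidden: key accepted but not authorized here" ;;
    404) echo "not found: possibly a private record hidden from this key" ;;
    000) echo "no HTTP response: network or TLS failure" ;;
    *)   echo "unexpected status" ;;
  esac
}

# Print "<status> <diagnosis>" for the Account resource.
# Exit status: 0 on HTTP 200, 1 on any other response, 2 if no key is set.
onecodex_check_auth() {
  if [ -z "${ONE_CODEX_API_KEY:-}" ]; then
    # Without a key the request is anonymous, and public routes answer
    # anonymous requests with empty result sets rather than an error.
    echo "ONE_CODEX_API_KEY is not set" >&2
    return 2
  fi
  # The header reaches curl on stdin (--config -), so the key is not
  # visible in the process argument list. --proto '=https' refuses any
  # non-HTTPS URL. Assumes the key contains no double quote or backslash.
  oc_status=$(printf 'header = "X-API-Key: %s"\n' "$ONE_CODEX_API_KEY" |
    curl --config - --silent --output /dev/null --proto '=https' \
      --write-out '%{http_code}' "$ONE_CODEX_BASE_URL/api/v1/account") ||
    oc_status=000
  echo "$oc_status $(onecodex_explain_status "$oc_status")"
  [ "$oc_status" = "200" ]
}
```

Run `onecodex_check_auth` before a batch job or in CI so that a missing or revoked key fails loudly instead of producing empty result sets.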

<Warning>
  Your API key is effectively a plain text password for accessing your uploads and analyses. Please keep it secure! If you lose your key, accidentally publish it to GitHub or another public place, or otherwise believe it could have been compromised, simply generate a new API key in the [Settings](https://app.onecodex.com/settings) pane of the One Codex web application. This will automatically revoke your old key.

  Our API servers also support [JWT](https://jwt.io/)-based authentication, which offers different security and usability tradeoffs. We plan to make JWT token generation available via the [Settings](https://app.onecodex.com/settings) page in the near future.
</Warning>

## Locating your API key

You can find your API key under the Settings menu in the top-right corner of the One Codex web application:

<img src="https://mintcdn.com/onecodex/DiToQ9fYtYBO3lRU/images/api/settings_menu.png?fit=max&auto=format&n=DiToQ9fYtYBO3lRU&q=85&s=ec7f28d08eadfd849f8a2bb8a507094c" alt="488" width="488" height="288" data-path="images/api/settings_menu.png" />

Within the [Settings](https://app.onecodex.com/settings) menu, you should see a panel called Account Info & Security. Click the button under "Your API Key" to reveal your key. Again, keep this key secret!

<img src="https://mintcdn.com/onecodex/DiToQ9fYtYBO3lRU/images/api/api_settings.png?fit=max&auto=format&n=DiToQ9fYtYBO3lRU&q=85&s=797398682401bc79101034b25c188265" alt="1726" width="1726" height="1454" data-path="images/api/api_settings.png" />

## Generating a new API key

If you lose access to your API key, accidentally publish it in a public place, or otherwise need to replace it, you can simply generate a new key on the [Settings](https://app.onecodex.com/settings) page:

<img src="https://mintcdn.com/onecodex/DiToQ9fYtYBO3lRU/images/api/generate_new_api_key.png?fit=max&auto=format&n=DiToQ9fYtYBO3lRU&q=85&s=5afb8656b5d479ff7fdc79cdc341c954" alt="1716" width="1716" height="1448" data-path="images/api/generate_new_api_key.png" />

**Please note:** You will need to update any code, configuration files, or environment variables using the key.
