> ## Documentation Index
> Fetch the complete documentation index at: https://support.i.moneyforward.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> AI Helpdesk API access requires an API key. Include the key in the `X-API-Key` header on every request.

## Obtaining API Keys

1. Log in to the [Admina dashboard](https://assist.i.moneyforward.com/)
2. Select **Settings** from the top-right user settings menu
3. Choose **API Keys** in the left navigation menu
4. Click the **Create New API Key** button
5. Enter a name for the API key and set an expiration date if necessary
6. Click the **Create** button to generate the API key
7. Copy and save the displayed API key in a secure location

Issued API keys begin with the `mb_live_` prefix and are about 47 characters long (e.g. `mb_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`).

<Info>
  The API key is displayed only once. Be sure to save it in a secure location.
</Info>

## Adding Authentication to Requests

All API requests must include the API key in the `X-API-Key` header.

### Header Format

```text theme={null}
X-API-Key: YOUR_API_KEY
```

### Example with cURL

```bash theme={null}
curl -H "X-API-Key: YOUR_API_KEY" \
  https://assist.i.moneyforward.com/api/v1/sessions
```

### Example with JavaScript

```javascript theme={null}
const response = await fetch('https://assist.i.moneyforward.com/api/v1/sessions', {
  headers: {
    'X-API-Key': 'YOUR_API_KEY'
  }
});
```

## Security Best Practices

* Do not embed API keys in source code or client-side code
* Use environment variables or secret management systems to manage API keys
* Delete API keys that are no longer needed
* Consider rotating API keys regularly
* Monitor for API access from unexpected locations

## Authentication Errors

When the `X-API-Key` header is missing or invalid, the API returns HTTP 401 with the following body:

```json theme={null}
{
  "ok": false,
  "error": "Missing or invalid API key"
}
```

If you see this error, verify the `X-API-Key` header value and whether the key has expired.
