> ## Documentation Index
> Fetch the complete documentation index at: https://developer.salesforge.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate with Forge product APIs using a shared API key mechanism.

All Forge product APIs use the same authentication pattern.

Send your API key in the Authorization header as a bearer token.

```http theme={null}
Authorization: Bearer YOUR_API_KEY
```

<Warning>
  API keys are product-specific and not interchangeable.

  A Mailforge API key only works with Mailforge APIs.
  A Salesforge API key only works with Salesforge APIs.
  You cannot use a Mailforge API key to access Salesforge or Primeforge APIs.
</Warning>

## How authentication works across products

1. Generate an API key for the specific Forge product you are integrating.
2. Use that key in the Authorization header for that product API requests.
3. Handle standard auth failures such as missing, invalid, or out-of-scope keys.

## Request examples

Use placeholders so you can apply the same pattern to any Forge product.

<CodeGroup>
  ```bash theme={null}
  curl -sS "$PRODUCT_API_BASE_URL/your-endpoint" \
    -H "Authorization: Bearer $PRODUCT_API_KEY"
  ```

  ```javascript theme={null}
  const response = await fetch(`${process.env.PRODUCT_API_BASE_URL}/your-endpoint`, {
    headers: {
      Authorization: `Bearer ${process.env.PRODUCT_API_KEY}`
    }
  });

  console.log(await response.json());
  ```

  ```go theme={null}
  package main

  import (
    "net/http"
    "os"
  )

  func main() {
    req, _ := http.NewRequest(
      http.MethodGet,
      os.Getenv("PRODUCT_API_BASE_URL")+"/your-endpoint",
      nil,
    )
    req.Header.Set("Authorization", "Bearer "+os.Getenv("PRODUCT_API_KEY"))

    _, _ = http.DefaultClient.Do(req)
  }
  ```
</CodeGroup>

## Common authentication errors

| HTTP status | Typical reason                                                      |
| ----------- | ------------------------------------------------------------------- |
| 401         | Missing or invalid API key                                          |
| 403         | API key is valid but does not have access to the requested resource |

## Next steps

* Apply [Security best practices](/authentication/security-best-practices).
