> ## Documentation Index
> Fetch the complete documentation index at: https://docs.1to1ai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate your requests to the 1TO1 AI Public API.

The API uses **Bearer tokens** (API keys). Every request carries your key in
the `Authorization` header.

## The API key

The API key is issued from the dashboard, under **Settings → API**. It has the
`sk_1to1_` prefix.

```bash theme={null}
Authorization: Bearer sk_1to1_your_api_key
```

<Warning>
  The API key grants full access to your business's conversations. Keep it as a
  secret — never put it in client-side code or commit it to a repository.
</Warning>

## The business slug

Every endpoint includes your business's `{slug}` in the URL:

```
https://app.1to1.ai/api/v1/public/{slug}/...
```

The API key and the `slug` must belong to the **same business**. Each business
is isolated: an API key never accesses another's data — if they don't match,
the API responds `403 TOKEN_BUSINESS_MISMATCH`.

## Authentication errors

<AccordionGroup>
  <Accordion title="INVALID_API_TOKEN — 401" icon="key">
    The API key is missing, malformed, or does not exist. Check that the
    `Authorization` header is present and has the format `Bearer sk_1to1_...`.
  </Accordion>

  <Accordion title="TOKEN_BUSINESS_MISMATCH — 403" icon="ban">
    The API key is valid but does not belong to the business of the `slug` in
    the URL. Use the `slug` of the same business that issued the key.
  </Accordion>
</AccordionGroup>
