> ## Documentation Index
> Fetch the complete documentation index at: https://docs.orova.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Create and manage API keys for programmatic access

## Overview

API keys let you authenticate with the Orova API from your server or the embeddable widget. They're an alternative to JWT tokens for server-to-server communication.

## Create an API key

<Steps>
  <Step title="Go to Settings">
    In the dashboard, navigate to **Settings → API Keys**.
  </Step>

  <Step title="Create a key">
    Click **Create API Key** and give it a descriptive name.
  </Step>

  <Step title="Copy the key">
    Copy the key immediately — it's only shown once.
  </Step>
</Steps>

## Using API keys

Include the key in the `x-api-key` header:

```bash theme={null}
curl https://app.orova.ai/api/agents \
  -H "x-api-key: sk_live_abc123..."
```

Or in the widget:

```html theme={null}
<script
  src="https://app.orova.ai/widget/orova-widget.js"
  data-api-key="sk_live_abc123..."
  ...
></script>
```

## Security best practices

* Never expose API keys in client-side JavaScript (except the widget `data-api-key`)
* Rotate keys periodically
* Use separate keys for different environments (dev, staging, production)
* Delete unused keys promptly