> ## Documentation Index
> Fetch the complete documentation index at: https://docs.naga.ac/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Understand how to authenticate primary inference requests and administrative account operations.

Most requests use your standard API key. Only account endpoints under `/v1/account/*` use a provisioning key.

If you only need to call models, generate embeddings, create images, or use the chat-compatible APIs, your normal API key is enough.

## Which key do I use?

| Request type                                         | Use this key     |
| ---------------------------------------------------- | ---------------- |
| Most API requests to models and generation endpoints | Standard API key |
| Administrative requests under `/v1/account/*`        | Provisioning key |

## Standard API requests

Endpoints like `Responses`, `Embeddings`, `Images`, `Audio`, `Moderations`, `Chat Completions`, and `Messages` accept your standard API key.

You can send it in either header:

```bash theme={null}
Authorization: Bearer YOUR_API_KEY
x-api-key: YOUR_API_KEY
```

Use one header style consistently inside your application. `Authorization: Bearer` is the best default unless you already rely on `x-api-key`.

## Account endpoints

Endpoints under `/v1/account/*` require a provisioning key instead of a regular inference key.

Use it in the bearer header:

```bash theme={null}
Authorization: Bearer YOUR_PROVISIONING_KEY
```

These endpoints power administrative actions such as:

* checking account balance
* retrieving account activity
* creating and managing API keys

See [Account Management](/account/account-management) for workflows built on top of those endpoints.

## Public or optional-auth endpoints

* `GET /v1/models` can be called anonymously or with standard API auth.
* `GET /v1/startups` is public metadata and does not require auth.

## Standard request example

<CodeGroup>
  ```python Python theme={null}
  import requests

  response = requests.post(
      "https://api.naga.ac/v1/responses",
      headers={
          "Authorization": "Bearer YOUR_API_KEY",
          "Content-Type": "application/json",
      },
      json={
          "model": "gpt-4.1-mini",
          "input": "Say hello.",
      },
  )
  response.raise_for_status()

  print(response.json()["output"][0]["content"][0]["text"])
  ```

  ```javascript Node.js theme={null}
  const response = await fetch('https://api.naga.ac/v1/responses', {
    method: 'POST',
    headers: {
      Authorization: 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      model: 'gpt-4.1-mini',
      input: 'Say hello.',
    }),
  });

  if (!response.ok) {
    throw new Error(`Request failed: ${response.status}`);
  }

  const data = await response.json();
  console.log(data.output[0].content[0].text);
  ```

  ```bash cURL theme={null}
  curl https://api.naga.ac/v1/responses \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"model":"gpt-4.1-mini","input":"Say hello."}'
  ```
</CodeGroup>

If you prefer `x-api-key`, the same request works with:

```bash theme={null}
x-api-key: YOUR_API_KEY
```

## Account request example

For provisioning-key-protected account endpoints, use the same bearer pattern:

<CodeGroup>
  ```python Python theme={null}
  import requests

  response = requests.get(
      "https://api.naga.ac/v1/account/balance",
      headers={"Authorization": "Bearer YOUR_PROVISIONING_KEY"},
  )
  response.raise_for_status()

  print(response.json()["balance"])
  ```

  ```javascript Node.js theme={null}
  const response = await fetch('https://api.naga.ac/v1/account/balance', {
    headers: {
      Authorization: 'Bearer YOUR_PROVISIONING_KEY',
    },
  });

  if (!response.ok) {
    throw new Error(`Request failed: ${response.status}`);
  }

  const data = await response.json();
  console.log(data.balance);
  ```

  ```bash cURL theme={null}
  curl https://api.naga.ac/v1/account/balance \
    -H "Authorization: Bearer YOUR_PROVISIONING_KEY"
  ```
</CodeGroup>

## Common Mistakes

| Problem                                   | Likely cause                                        | Fix                                              |
| ----------------------------------------- | --------------------------------------------------- | ------------------------------------------------ |
| `401 Unauthorized` on inference endpoints | Missing or invalid API key                          | Recreate or resend a standard API key            |
| `401 Unauthorized` on `/v1/account/*`     | Used a normal API key instead of a provisioning key | Use the provisioning key from the dashboard      |
| Request works in one SDK but not another  | Mixed `base_url` or header configuration            | Ensure requests go to `https://api.naga.ac/v1`   |
| Browser-side key leakage risk             | API key embedded in client-side code                | Move calls behind your server or trusted backend |

## Related Reference Pages

* [Create response](/api-reference/endpoints/responses/create)
* [List API keys](/api-reference/endpoints/account/api-keys/list)
* [Get account balance](/api-reference/endpoints/account/balance)
* [List models](/api-reference/endpoints/models/list)
