> ## Documentation Index
> Fetch the complete documentation index at: https://docs.swippee.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How Swippee API keys, scopes, and bearer authentication work.

All requests require a Bearer token. Create one in the
[dashboard](https://swippee.com/dashboard).

```
Authorization: Bearer swippee_sk_live_xxxxxxxxxxxxxxxx
```

<Warning>
  Keys are shown **exactly once** at creation. Swippee only stores a SHA-256
  hash — a lost key can't be recovered, only revoked and replaced.
</Warning>

## Scopes

| Scope       | Can do                                                          |
| ----------- | --------------------------------------------------------------- |
| `READ_ONLY` | Fetch existing reports and read public datasets. No parsing.    |
| `FULL`      | Everything — parse, enrich, resolve merchants, manage consents. |

Issue read-only keys for backend services that only need to fetch reports they
didn't create.

## Quotas

* **Parse** calls draw from your monthly parse quota (per organization).
* **Swippee Data** calls draw from a separate Data API quota
  (500 on Sandbox, 2,500 on Growth, 5,000 on Scale).
* Reading product views on a report you already parsed is **free**.

Check your current usage any time:

```bash theme={null}
curl https://api.swippee.com/v1/usage \
  -H "Authorization: Bearer $SWIPPEE_API_KEY"
```

## Errors

Auth failures return a structured error with an HTTP status. See
[Errors](/concepts/errors) for the full taxonomy.

```json theme={null}
{ "error": { "code": "invalid_api_key", "message": "Key does not exist." } }
```
