> ## Documentation Index
> Fetch the complete documentation index at: https://docs.taptalent.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Learn how to authenticate with the Taptalent Partner API using API keys

The Taptalent Partner API uses API keys to authenticate requests. API keys are scoped to your company and provide secure access to the Partner API endpoints.

## API Key Format

API keys follow this format:

* **Production**: `sk_live_` followed by 22 base62 characters
* **Test/Staging**: `sk_test_` followed by 22 base62 characters

Example: `sk_live_AbCdEfGhIjKlMnOpQrStUv`

## Authentication Method

All API requests must include your API key in the `Authorization` header using Bearer token authentication:

```
Authorization: Bearer sk_live_AbCdEfGhIjKlMnOpQrStUv
```

## Generating API Keys

API keys are generated through the TapTalent dashboard:

1. Log in to your [Taptalent Dashboard](https://client.taptalent.io/dashboard)
2. Navigate to **Account Settings** > **Developers** > **API Key Management**
3. Click **[Generate API Key](https://client.taptalent.io/pages/account-settings?tab=9)**
4. Copy the API key immediately - it will only be shown once

<Warning>
  API keys are sensitive credentials. Store them securely and never expose them in client-side code or public repositories. Treat them like passwords.
</Warning>

## Request Format

### Headers

All API requests must include:

* `Authorization: Bearer YOUR_API_KEY` - Your API key
* `Content-Type: application/json` - For POST/PUT requests

### Example Request

```bash theme={null}
curl -X GET "https://partner-api.taptalent.io/v1/partner/jobs/job-id" \
  -H "Authorization: Bearer sk_live_AbCdEfGhIjKlMnOpQrStUv" \
  -H "Content-Type: application/json"
```

## API Key Management

API keys can only be created, regenerated, and managed through the TapTalent dashboard. The Partner API provides a read-only endpoint to check your API key status.

<Info>
  API key creation and management operations are not available via the Partner API. You must use the TapTalent dashboard to generate, regenerate, activate, or deactivate API keys.
</Info>

### API Key Status

You can activate or deactivate your API Key from Dashboard.
Once deactivated, all API calls using that API key will be prohibited.

## Security Best Practices

### Store Keys Securely

* **Never** commit API keys to version control
* Use environment variables or secure secret management systems
* Use different keys for different environments (dev, staging, production)

### Rotate Keys Regularly

* Change your API keys periodically for security
* Regenerate keys if you suspect they've been compromised
* Deactivate unused keys immediately

### Monitor Usage

* Regularly check your API usage in the dashboard
* Set up alerts for unusual activity
* Review access logs regularly

### Environment Isolation

* Use `sk_test_` keys for development and testing
* Use `sk_live_` keys only in production
* Never mix test and production keys

## Error Responses

### Invalid API Key

If you receive a `401 Unauthorized` or `403 Forbidden` error:

```json theme={null}
{
  "message": "Invalid API key"
}
```

**Common causes**:

* API key is incorrect or missing
* API key has been revoked or deactivated
* Using wrong Bearer token format

### Inactive Subscription

If your subscription is inactive:

```json theme={null}
{
  "code": "ACCOUNT_INACTIVE",
  "message": "Your subscription is inactive. Please renew your plan to continue using this feature."
}
```

**Solution**: Renew your TapTalent subscription to continue using the API.

### API Key Not Found

When fetching API key status:

```json theme={null}
{
  "message": "API key not found",
  "isApiKeyExists": false
}
```

**Solution**: Generate a new API key through the dashboard.

## Troubleshooting

### 401 Unauthorized

* Verify your API key is correct
* Check that you're using `Bearer` token format
* Ensure the API key hasn't been revoked
* Verify the API key is active (status: ACTIVE)

### 403 Forbidden

* Check your subscription status
* Verify your API key is active
* Ensure you have the necessary permissions

### Key Not Working After Regeneration

* Old API keys are immediately invalidated when regenerated
* Update all applications using the old key
* Verify the new key is active

## Next Steps

* Learn about [API endpoints](/api-reference/overview)
* Set up [Webhooks](/webhooks/overview) for real-time updates
* Review [Integration Notes](/integration-notes/overview) for best practices
