> ## Documentation Index
> Fetch the complete documentation index at: https://docs.otim.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

All API requests must include a valid API key in the `Authorization` header using the Bearer scheme.

```bash theme={null}
curl https://api.otim.com/v0/accounts \
  -H "Authorization: Bearer sk_..."
```

## API keys

API keys are created in the Developer section of your dashboard. Each key is scoped to your Platform and can be independently labeled and revoked.

Keys are prefixed with `sk_` and should be treated as secrets. Do not expose them in client-side code, public repositories, or logs.

## Environments

| Environment | Base URL                          | Description                                           |
| ----------- | --------------------------------- | ----------------------------------------------------- |
| Sandbox     | `https://sandbox.api.otim.com/v0` | For development and testing. No real funds are moved. |
| Production  | `https://api.otim.com/v0`         | For live operations with real funds.                  |

Sandbox and production use separate API keys. You can create and manage keys for each environment independently from your dashboard.

## Error responses

Requests with a missing or invalid API key return a `401 Unauthorized` response:

```json theme={null}
{
  "error": "Invalid API key.",
  "code": "unauthorized"
}
```
