> ## Documentation Index
> Fetch the complete documentation index at: https://developers.myeden.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How API keys work and how to keep them safe.

The Eden API uses **API keys** sent as Bearer tokens.

## Key format

```
eden_live_<keyId>_<secret>
```

* `eden_live_` — fixed prefix
* `keyId` — 24 characters, uniquely identifies the key
* `secret` — 32 characters, kept private

The full key is shown to you **once** when issued. Eden stores only a
salted hash — if you lose it, we can't recover it; we can only issue
a new one.

## Sending the key

```http theme={null}
GET /v1/videos/vid_a7Kp9m... HTTP/1.1
Host: api.myeden.me
Authorization: Bearer eden_live_a7Kp9mNqR2vXyB4dH6jL8sTw_M3nP5qR7sT9vW2xY4zA6bC8dE0fG2hJ
```

## Scopes

| Scope          | Allows                             |
| -------------- | ---------------------------------- |
| `videos:read`  | Get video status and details       |
| `videos:write` | Ingest, archive, republish, delete |

Request a read-only key for analytics integrations — safer than reusing
a write key.

## How keys map to content

Each API key is bound to one Eden publisher account. Every video you ingest
is owned by that publisher account. If you rotate keys (revoke an old one,
issue a new one) videos created by the old key remain manageable by any
new key tied to the same publisher account.

If your organization needs multiple isolated key spaces (e.g. separate
keys for live game ingest vs. archival content), contact us and we'll set
up separate publisher accounts.

## Security best practices

<AccordionGroup>
  <Accordion title="Never embed keys in client code">
    Keep keys on your backend. Embedding in mobile or web clients
    effectively makes them public.
  </Accordion>

  <Accordion title="Use environment variables">
    Load keys from environment variables. `.env` belongs in `.gitignore`.
  </Accordion>

  <Accordion title="Use separate keys per environment">
    Request distinct keys for staging and production.
  </Accordion>

  <Accordion title="Rotate on suspicion">
    Email [support@myeden.me](mailto:support@myeden.me) to rotate immediately if compromised. The
    old key is revoked the moment the new one is issued.
  </Accordion>
</AccordionGroup>

## Requesting access

API access is invite-only. Email
[support@myeden.me](mailto:support@myeden.me?subject=API%20Access%20Request)
with your organization name and intended use case.
