> ## Documentation Index
> Fetch the complete documentation index at: https://docs.jojapi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Using JoJ API Keys

JoJ API Keys provide secure access to APIs listed on the JoJ API Marketplace, allowing you to integrate these APIs into your software and applications. You can [manage your API keys](https://jojapi.com/workspace/api-keys) — including creating new keys, deleting existing ones, restricting a key to specific APIs, or assigning custom names for easier organization.

JoJ API supports multiple authentication methods using your API keys. Below are the available options, along with brief explanations and usage examples:

### **1. X-JoJAPI-Key Header**

Send your API key via the custom `X-JoJAPI-Key` HTTP header.

**Example:**

```
X-JoJAPI-Key: YOUR_API_KEY
```

### **2. Authorization Header**

Pass your API key directly through the `Authorization` header without any prefix.

**Example:**

```
Authorization: YOUR_API_KEY
```

### **3. Bearer Token**

Use the `Authorization` header with the `Bearer` scheme followed by your API key.

**Example:**

```
Authorization: Bearer YOUR_API_KEY
```

### **4. Basic Token**

Send your API key using HTTP Basic Authentication. The `Authorization` header should contain the word `Basic`, followed by a base64-encoded string of `apikey:apikey`.

**Example:**

```
Authorization: Basic BASE64_ENCODED_APIKEY
```

> **Note:**\
> To encode:\
> `echo -n "YOUR_API_KEY:YOUR_API_KEY" | base64`

## Restricting a Key to Specific APIs

By default, an API key works on every API you are subscribed to. You can limit a key to a specific set of APIs from **Workspace → API Keys**: click **API access** on a key, turn off **Access to all APIs**, and tick the APIs the key is allowed to call.

When a key is restricted, the gateway rejects any request it makes to an API outside its allowed list with a `403` response. This is useful for separating environments, sharing a narrowly-scoped key with a teammate, or limiting exposure if a key is ever leaked. You can change a key's access — or return it to all APIs — at any time.

## **📌 Notes:**

* Replace `YOUR_API_KEY` with your actual API key.
