# API Key

Use this method when the provider gives you a key-value credential and expects it in a header or query parameter.

### What this method does

Nected appends your API key either:

* as a header (recommended), or
* as a query parameter (if provider requires).

### When to use

* Provider requires API key authentication
* You need simple machine-to-machine auth without OAuth flow

### Required fields in Nected

* **Key**: field name, for example `X-API-Key` or `api_key`
* **Value**: secret key provided by the external API owner

![API Key configuration form](https://lh5.googleusercontent.com/SeCmpnm_kVgy_2bUqLUpWv_RZ15p0ONm7IuBC5dqSP0DMBkuRO_3pelERGA1mgVXmpNVRk-__30NXPq9OiCHPwqIIuXuSpbtzZIArz2EJ9sjm-_L5Rtm6DtACgJ4v44UhtFPSGHSiWBO)

### Format examples

Header style:

```http
X-API-Key: <api_key_value>
```

Query style:

```http
GET /resource?api_key=<api_key_value>
```

### Step-by-step setup

1. Start from either location:
   * **Path A**: Open **Security > Authorization** and click **+ New Authentication**.
   * **Path B**: Open the **REST API connector configuration sidebar** and click **Create Authentication** from the Authentication dropdown.
2. Select **API Key**.
3. Add `Key` and `Value`.
4. Save configuration.
5. Attach/select this auth config in the integration/API request step.
6. Test against the provider endpoint.

### Validation checklist

* Key name matches provider docs exactly.
* Placement matches provider requirement (header/query).
* Key value has no extra characters.

### Security considerations

* Prefer header placement over query when supported.
* Avoid logging full URLs if key is passed as query param.
* Rotate and revoke keys regularly.

### Common errors and fixes

* **401 Unauthorized**: key is wrong or revoked.
* **403 Forbidden**: key is valid but lacks required permission.
* **Works in one tool only**: verify header vs query placement mismatch.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nected.ai/nected-docs/security/external-api-authentication/api-key.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.