> ## Documentation Index
> Fetch the complete documentation index at: https://magica.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Magica REST API.

All API endpoints require authentication via a Bearer token in the `Authorization` header. Keys start with the `gx_` prefix.

***

## Using your API key

<Tabs>
  <Tab title="cURL">
    ```bash theme={null}
    curl https://api.magica.com/api/v1/models \
      -H "Authorization: Bearer gx_your_api_key"
    ```
  </Tab>

  <Tab title="Node.js">
    ```javascript theme={null}
    const res = await fetch("https://api.magica.com/api/v1/models", {
      headers: { Authorization: `Bearer ${process.env.MAGICA_API_KEY}` },
    });
    ```
  </Tab>

  <Tab title="Python">
    ```python theme={null}
    import os, requests

    res = requests.get(
        "https://api.magica.com/api/v1/models",
        headers={"Authorization": f"Bearer {os.environ['MAGICA_API_KEY']}"},
    )
    ```
  </Tab>
</Tabs>

Create and manage keys from **Settings → API Keys** in the [Magica app](https://app.magica.com).

***

## Creating a key

<Steps>
  <Step title="Sign in">
    Open [app.magica.com](https://app.magica.com) and sign in.
  </Step>

  <Step title="Open Settings">
    Click the **Settings** button at the bottom of the left sidebar.

    <Frame caption="Account menu — click Settings">
      <img src="https://mintcdn.com/galaxyai-f8150d75/qgKkKW7c60Qp9lDO/images/api-keys/settings-button.png?fit=max&auto=format&n=qgKkKW7c60Qp9lDO&q=85&s=0aa8d2b031db3ef277df4fe2c610ad85" alt="Account menu showing the Settings button highlighted" width="255" height="162" data-path="images/api-keys/settings-button.png" />
    </Frame>
  </Step>

  <Step title="Open API Keys">
    Select the **API Keys** tab in the settings sidebar, then click **Manage**.

    <Frame caption="Settings sidebar — API Keys tab">
      <img src="https://mintcdn.com/galaxyai-f8150d75/qgKkKW7c60Qp9lDO/images/api-keys/settings-sidebar-api-keys.png?fit=max&auto=format&n=qgKkKW7c60Qp9lDO&q=85&s=cf4ca0b3479ff4490a265d9ec8d8a7c6" alt="Settings sidebar with the API Keys tab highlighted" width="225" height="434" data-path="images/api-keys/settings-sidebar-api-keys.png" />
    </Frame>

    <Frame caption="API Keys panel — click Manage">
      <img src="https://mintcdn.com/galaxyai-f8150d75/qgKkKW7c60Qp9lDO/images/api-keys/api-keys-manage.png?fit=max&auto=format&n=qgKkKW7c60Qp9lDO&q=85&s=71ffe326b558c6c94d0a96b3b3b46206" alt="API Keys settings panel with the Manage button highlighted" width="640" height="172" data-path="images/api-keys/api-keys-manage.png" />
    </Frame>
  </Step>

  <Step title="Create the key">
    Click **Create Key**, enter a label (e.g. "Production"), and optionally set
    an expiration date.
  </Step>

  <Step title="Copy the key">
    Copy the full key immediately — **it's only shown once**.
  </Step>
</Steps>

<Warning>
  The full API key is only displayed at creation time. Store it securely. If you
  lose it, revoke the key and create a new one.
</Warning>

***

## Key properties

You can create up to **10 API keys** per account. Each key has its own label, rate limits, and optional expiration.

| Property                    | Description                                                  |
| --------------------------- | ------------------------------------------------------------ |
| **Label**                   | A unique name for this key (editable anytime)                |
| **Prefix**                  | The visible `gx_...` prefix shown in the dashboard           |
| **Rate limit (per minute)** | Max requests per minute for this key (default: 60)           |
| **Rate limit (per day)**    | Max requests per day for this key (default: 1000)            |
| **Expires at**              | Optional expiration date — key stops working after this date |
| **Created at**              | When the key was created                                     |

***

## Managing keys

<CardGroup cols={2}>
  <Card title="Edit a key" icon="pen">
    Update label or rate limits from **Settings → API Keys**. Click the pencil
    icon next to any key.
  </Card>

  <Card title="Revoke a key" icon="ban">
    Click the revoke button next to any key. Revocation is immediate — requests
    using that key start returning `401`.
  </Card>
</CardGroup>

<Note>
  Revoking a key does not affect other keys on your account. Your other keys
  continue working normally.
</Note>

***

## Key expiration

You can optionally set an expiration date when creating a key. After it passes:

* The key is automatically invalidated by the system
* API requests using the key return `401 Unauthorized`
* The key shows an "Expired" badge in the dashboard
* You can revoke expired keys to clean up your list

<Tip>
  Use expiration dates for temporary integrations, CI/CD pipelines, or
  contractor access. For long-lived production keys, leave the expiration empty.
</Tip>

***

## Rate limits

Each API key has its own rate limits that you can configure:

| Limit          | Default        | Range       |
| -------------- | -------------- | ----------- |
| **Per minute** | 60 requests    | 1 – 10,000  |
| **Per day**    | 1,000 requests | 1 – 100,000 |

When you exceed a rate limit, the API returns a `429 Too Many Requests` response with a `Retry-After` header:

```json theme={null}
{
  "error": "Rate limit exceeded. Please try again later.",
  "message": "Rate limit exceeded. Please try again later.",
  "code": "RATE_LIMITED",
  "traceId": "req_..."
}
```

Rate-limit info is included in response headers:

| Header                  | Description                                        |
| ----------------------- | -------------------------------------------------- |
| `X-RateLimit-Remaining` | Requests remaining in the current window           |
| `X-RateLimit-Reset`     | Timestamp (ms) when the rate limit resets          |
| `Retry-After`           | Seconds to wait before retrying (on 429 responses) |

<Tip>
  Use exponential backoff when retrying after a 429. If you consistently hit
  limits, raise the rate on that key in the dashboard, or create separate keys
  for different services.
</Tip>

***

## Error responses

| Status | Meaning                                       |
| ------ | --------------------------------------------- |
| `401`  | Missing, invalid, revoked, or expired API key |
| `429`  | Rate limit exceeded                           |

```json theme={null}
{
  "error": "Invalid or expired API key.",
  "message": "Invalid or expired API key.",
  "code": "UNAUTHORIZED",
  "traceId": "req_..."
}
```