> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pam.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate to the PAM Outbound API with bearer API keys.

All `/v1` requests require an API key in the `Authorization` header.

```bash theme={null}
Authorization: Bearer $PAM_API_KEY
```

API keys are scoped to a client organization. Requests can only access conversations, keys, and webhooks that belong to that organization.

## Creating Keys

The first API key is provisioned outside the public API during onboarding. Once you have a valid key, you can create additional keys through the API:

```bash theme={null}
curl https://api.pamhq.com/v1/api-keys \
  -X POST \
  -H "Authorization: Bearer $PAM_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production integration",
    "expiresAt": "2027-01-01T00:00:00Z"
  }'
```

The raw key is returned only once. Store it immediately.

```json theme={null}
{
  "data": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "name": "Production integration",
    "key": "pk_live_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678901",
    "keyPrefix": "pk_live_aBcD",
    "expiresAt": "2027-01-01T00:00:00Z",
    "createdAt": "2026-04-10T14:00:00Z"
  },
  "meta": {
    "requestId": "req_abc123"
  }
}
```

## Rotating Keys

Use short, descriptive names for keys so they are easy to rotate later. To rotate a production key:

1. Create a replacement key.
2. Deploy the replacement key to your integration.
3. Confirm traffic succeeds with the new key.
4. Revoke the old key with `POST /api-keys/{id}/revoke`.

Revoked or expired keys receive `401 Unauthorized`.
