> ## Documentation Index
> Fetch the complete documentation index at: https://developers.squads.so/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Understanding Grid's authentication and security model

export const ApiKeyRequestButton = () => {
  const handleClick = () => {
    window.open('https://squads-grid.typeform.com/contact', '_blank');
  };
  return <button onClick={handleClick} className="px-4 py-2 bg-black text-white rounded-lg hover:bg-neutral-800 transition-colors">
  Request API Key
</button>;
};

Grid implements a robust authentication system that combines API key authentication with blockchain-specific security features. This guide explains how to authenticate your requests and manage your API keys securely.

## API Keys

### Getting your API Keys

<ApiKeyRequestButton />

### API Key Scoping

API keys in Grid are scoped in two ways:

1. **Feature Scope**: Each API key is granted access to specific features and endpoints. If you need access to additional features, please contact Grid support.
2. **Environment Scope**: API keys are tied to specific environments (production or sandbox). You'll need separate API keys for each environment. For more details about environments, see the [Environments](/grid/v0/environments) guide.

### Using API Keys

All API requests must include your API key in the Authorization header:

<ParamField header="Authorization" type="string" required>
  Bearer token authentication. Format: `Bearer <your-api-key>`. The API key must be a valid UUID and must be active (not disabled).
</ParamField>

### API Key Security

* Never commit API keys to version control
* Use environment variables to store API keys
* Use different API keys for development and production

## Support

If you need access to additional features or have questions about API key scoping, please reach out to your Grid representative or reach out to us at [grid\[at\]sqds.io](mailto:grid@sqds.io).
