> ## Documentation Index
> Fetch the complete documentation index at: https://docs.talkturo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticate with the Talkturo API

> Learn how to get your API token from the dashboard and pass it in requests using the Authorization header to authenticate with the Talkturo REST API.

The Talkturo API uses Bearer token authentication. Every request you send must include an `Authorization` header with a valid token. You obtain this token from the Talkturo dashboard — no separate developer account or OAuth flow required.

## Get your API token

<Steps>
  <Step title="Open your dashboard settings">
    Log in to your Talkturo account and click your account name in the top navigation bar, then select **Settings**.
  </Step>

  <Step title="Navigate to API Keys">
    In the settings sidebar, click **API Keys**. This page lists all active tokens for your account.
  </Step>

  <Step title="Create a new key">
    Click **Create API Key**, give it a descriptive name (for example, `production-integration`), and click **Generate**. Copy the token immediately — Talkturo only shows it once.
  </Step>
</Steps>

<Warning>
  Store your API token in an environment variable or a secrets manager. Do not hard-code it in source code or commit it to version control.
</Warning>

## Authorize requests

Pass your token in the `Authorization` header as a Bearer credential on every API request:

```bash theme={null}
Authorization: Bearer <your-token>
```

### Example request

```bash theme={null}
curl https://<your-domain>/api/assistants/asst_01j... \
  -H "Authorization: Bearer <your-token>"
```

### Example with a request body

```bash theme={null}
curl -X POST https://<your-domain>/api/assistants \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "accountSlug": "my-team",
    "name": "Support Agent"
  }'
```

## Error responses

### 401 Unauthorized

You receive a `401` response when the token is missing, malformed, or expired.

```json theme={null}
{
  "error": "Unauthorized"
}
```

**Fix:** Check that you included the `Authorization: Bearer <token>` header and that the token value is correct. Tokens do not expire by default, but a token you revoked or one copied incorrectly will trigger this error.

### 403 Forbidden

You receive a `403` response when your token is valid but you do not have permission to perform the requested action — for example, attempting to update an assistant that belongs to a different account.

```json theme={null}
{
  "error": "Forbidden"
}
```

**Fix:** Verify that the resource you are accessing belongs to the account associated with your token. If you manage multiple accounts, make sure you are using the correct token for each one.
