> ## Documentation Index
> Fetch the complete documentation index at: https://api-docs.nexbridge.finance/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

# Authentication

The Nexbridge Partner API uses API Key authentication.

Each request must include a valid API Key in the Authorization header.

***

# Authorization Header

```http theme={null}
Authorization: ApiKey <api_key>
```

***

# Partner Scope

Each API Key is associated with a single approved partner.

All requests performed using the API Key are automatically scoped to that partner.

Partners cannot access:

* requests from other partners
* balances from other partners
* addresses from other partners
* funding activity from other partners

***

# API Key Requirements

API Keys are only available for partners with approved operational onboarding.

Inactive or rejected partners cannot use API access.

***

# API Key Lifecycle

API Keys support the following states:

## Active

The API Key is enabled and can be used to authenticate requests.

***

## Suspended

The API Key is temporarily disabled.

Authentication requests using suspended API Keys will fail.

***

## Revoked

The API Key has been permanently revoked and can no longer be used.

***

# Security Recommendations

Partners should:

* Store API Keys securely
* Never expose API Keys publicly
* Rotate API Keys periodically
* Restrict internal access to authorized systems only

***

# Rate Limiting

Rate limiting policies may apply depending on the integration profile.

Partners should implement retry and backoff strategies for temporary failures.

***

# HTTP Responses

Authentication failures return standard HTTP authorization errors.

Examples include:

* Missing API Key
* Invalid API Key
* Suspended API Key
* Revoked API Key

***

# Future Scope

The following authentication features are out of scope for V1:

* OAuth flows
* Multi-user API access
* Self-service API Key creation
* IP whitelisting management
* Scoped permissions per endpoint
