> ## Documentation Index
> Fetch the complete documentation index at: https://dronebundle.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the DroneBundle API using API keys.

<Info>
  API keys are available on the Enterprise plan. See [pricing](https://dronebundle.com/pricing) for details.
</Info>

## Base URL

All API requests are made to:

```
https://api.dronebundle.com/v1
```

For requests that include a body (`POST`, `PATCH`), set the `Content-Type` header to `application/json`.

## API keys

DroneBundle uses API keys to authenticate requests. Each key is tied to a specific workspace, so all resources you create or access through the key belong to that workspace.

API keys use the prefix `v1_` and are passed as a Bearer token in the `Authorization` header.

```bash theme={null}
curl -X GET https://api.dronebundle.com/v1/projects \
  -H "Authorization: Bearer v1_your_api_key_here"
```

## Creating an API key

1. Log in to your [DroneBundle dashboard](https://app.dronebundle.com/api-keys)
2. Click **Create API Key**
3. Give the key a name (e.g., "n8n Integration", "Internal Dashboard")
4. Select a scope
5. Copy the key and store it somewhere safe

The full key is only shown once. If you lose it, you will need to create a new one.

## Scopes

Each API key has a scope that controls what it can do:

| Scope         | Allowed methods                  | Description                                                                    |
| ------------- | -------------------------------- | ------------------------------------------------------------------------------ |
| `read_only`   | `GET`                            | Can only read data. Any `POST`, `PATCH`, or `DELETE` request will be rejected. |
| `full_access` | `GET`, `POST`, `PATCH`, `DELETE` | Can read and write data.                                                       |

## Rate limits

The API allows up to **1000 requests per minute**. Requests that exceed this limit will be rejected.

The [sandbox environment](/api-reference/sandbox#rate-limits) has lower rate limits.

## Error responses

When authentication fails, the API returns a `403` status code with a JSON body explaining the reason.

**Invalid or missing key**

```json theme={null}
{
  "message": "Invalid API key",
  "code_name": "invalid_api_key"
}
```

**Inactive key**

```json theme={null}
{
  "message": "API key is not active",
  "code_name": "api_key_inactive"
}
```

**Read-only key used for a write operation**

```json theme={null}
{
  "message": "API key has read-only access",
  "code_name": "read_only_access"
}
```

**Enterprise plan required**

```json theme={null}
{
  "message": "API keys require an Enterprise plan",
  "code_name": "enterprise_required"
}
```

**Endpoint not available via API key**

```json theme={null}
{
  "message": "API key access not allowed for this endpoint",
  "code_name": "api_key_path_not_allowed"
}
```

<Warning>
  API keys grant access to your workspace data. Keep them secure and never
  expose them in client-side code or public repositories.
</Warning>
