> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wazzapi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Dashboard sessions for users, API keys for API integrations

# Authentication

WazzAPI supports two main authentication paths depending on how you use the platform.

## Dashboard authentication

The dashboard sign-in flow is designed for people using the product directly.

* sign-in is currently **Google-only**
* authenticated users operate through sessions and cookies
* access is controlled by your organization membership and role

Use dashboard authentication when you are working in the product interface.

## API Key Authentication

API keys are the standard authentication method for server-to-server integrations with the WazzAPI API.

<Note>
  This is the recommended method for backend services, automations, and webhook consumers.
</Note>

### How It Works

Include your API key in the `Authorization` header of every request:

```bash Authentication Header theme={null}
Authorization: Bearer YOUR_API_KEY
```

### Example Request

```bash cURL theme={null}
curl -X POST https://api.wazzapi.com/api/v1/messages/send \
  -H "Authorization: Bearer wz_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "phone_number": "6281234567890",
    "content": "Hello from WazzAPI!",
    "message_type": "text",
    "whatsapp_account_id": "00000000-0000-0000-0000-000000000000"
  }'
```

### Managing Keys

You can create and manage API keys from the **Developers** area in the dashboard.

* Keys belong to your organization.
* Keys can include scopes and expiry settings.
* Keys respect your available permissions and plan limits.
* You can revoke or rotate keys at any time.

<Warning>
  Never expose your API keys in client-side code (browsers, mobile apps). Always proxy requests through your own backend.
</Warning>

## MCP authentication

WazzAPI MCP uses the same WazzAPI account access model, but the hosted MCP server authenticates with a custom header instead of the REST API Bearer format.

```text theme={null}
wazzapi-api-key: YOUR_API_TOKEN
```

Use MCP when you are connecting WazzAPI to tools such as Claude Code, Cursor, or VS Code. Use the REST API when you are building deterministic backend application flows.

<Note>
  See the dedicated <a href="/wazzapi-mcp">WazzAPI MCP guide</a> for the hosted MCP URL, Claude Code setup command, workspace path constraints, and agent mode.
</Note>

## Troubleshooting

Common authentication errors:

| Error Code              | Meaning                    | Solution                                                                            |
| :---------------------- | :------------------------- | :---------------------------------------------------------------------------------- |
| `401 Unauthorized`      | Invalid or missing key     | Check your `Authorization` header format.                                           |
| `403 Forbidden`         | Insufficient permissions   | Verify the key belongs to the correct organization and includes the required scope. |
| `429 Too Many Requests` | Plan or rate limit reached | Check billing or rate-limit guidance before retrying.                               |

## Recommended rule of thumb

* **Humans** → sign in through the dashboard
* **Backends and automations** → call the API with Bearer API keys
