> ## Documentation Index
> Fetch the complete documentation index at: https://veryfront.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticate API requests

> Authenticate Veryfront API requests with bearer credentials.

Veryfront APIs use bearer credentials for server-side requests and MCP clients.

## Steps

1. Create an API key in Veryfront Studio.
2. Store the key in a secret manager or local environment file.
3. Send the key in the `Authorization` header.
4. Keep API keys out of browser code.

## Authorization header

```bash title="Authorization header" theme={null}
Authorization: Bearer <API_KEY>
```

## Try it with REST

Set the key:

```bash title="Terminal" theme={null}
export VERYFRONT_API_KEY="<API_KEY>"
```

List projects:

`GET /projects`

```bash title="Terminal" theme={null}
curl https://api.veryfront.com/projects \
  -H "Authorization: Bearer $VERYFRONT_API_KEY"
```

## API surfaces

| Surface | Start here                                                                                             |
| ------- | ------------------------------------------------------------------------------------------------------ |
| REST    | [REST authentication](/cloud/rest/api-reference/authentication/get-jwks), [REST overview](/cloud/rest) |
| GraphQL | [Current User](/cloud/graphql/operations/users/queries/currentuser)                                    |
| MCP     | [Get Current User](/cloud/mcp/tools/get-current-user)                                                  |

## Verify

Confirm the response returns projects you can access.

Do not call Veryfront APIs with API keys from browser code.

Use a server route or backend service for requests that need a secret key.

Project-scoped requests also need access to the target project.

## Next

| Goal                  | Page                                                    |
| --------------------- | ------------------------------------------------------- |
| Create an API key     | [Create API key](/cloud/getting-started/create-api-key) |
| Manage project access | [Manage project access](/cloud/identity-and-access)     |
| Compare API surfaces  | [API reference](/cloud/apis)                            |

## API reference

| API                       | Use                                          |
| ------------------------- | -------------------------------------------- |
| [REST](/cloud/rest)       | Bearer authentication for resource requests. |
| [GraphQL](/cloud/graphql) | Bearer authentication for typed queries.     |
| [MCP](/cloud/mcp)         | Bearer authentication for assistant tools.   |