> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wede.pt/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Wede API

## API Key

Every Wede tenant has an API key. You can find yours in [Settings](https://app.wede.pt/dashboard/settings).

API keys have the format: `wede_live_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`

## Using your API key

Pass your API key in the `x-wede-api-key` header:

```bash theme={null}
curl https://api.wede.pt/v1/tenant/zones \
  -H "x-wede-api-key: wede_live_YOUR_KEY"
```

## JWT Authentication

For user-level access (dashboard, admin operations), authenticate with email and password to receive a JWT token:

```bash theme={null}
curl -X POST https://api.wede.pt/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "your@email.com",
    "password": "your_password"
  }'
```

Response:

```json theme={null}
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 28800,
  "user": {
    "id": "uuid",
    "email": "your@email.com",
    "name": "Your Name",
    "rbac_level": "company_admin"
  }
}
```

Use the token in the `Authorization` header:

```bash theme={null}
curl https://api.wede.pt/v1/tenant/zones \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
```

JWT tokens expire after **8 hours**.

## User Roles

Wede uses role-based access control. Each user has one of the following roles:

| Role                     | Description                                  |
| ------------------------ | -------------------------------------------- |
| `company_admin`          | Full access to tenant resources              |
| `company_tech`           | Technical access - API, webhooks, zones      |
| `operational_supervisor` | Operational access - events, zones, dispatch |
| `field_operator`         | Field access - events and zone status        |
| `corporate_client`       | Read-only access to reports                  |
| `api_user`               | API-only access, no dashboard                |

## Security

<Warning>
  Never expose your API key in client-side code, public repositories, or logs.
</Warning>

* Store API keys in environment variables
* Rotate keys regularly via the [dashboard](https://app.wede.pt/dashboard/settings)
* Use the minimum required permissions for each integration
* All API traffic is encrypted in transit over HTTPS
