> For the complete documentation index, see [llms.txt](https://docs.cngn.co/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cngn.co/integrations/authorization.md).

# Authorization

The cNGN API uses API Keys for server-side API calls. All requests must include the API Key as a Bearer token in the request headers.

#### Required Headers

| Header          | Value              |
| --------------- | ------------------ |
| `Content-Type`  | `application/json` |
| `Authorization` | `Bearer <apiKey>`  |

#### API Key Environments

| Environment | Description                                             |
| ----------- | ------------------------------------------------------- |
| **Test**    | Uses test API key prefix for sandbox/testing operations |
| **Live**    | Uses live API key prefix for production operations      |

The environment is automatically determined based on your API key prefix.

#### IP Whitelisting

All API requests are validated against your whitelisted IP addresses. Ensure your server IP is added to your security settings before making API calls.

| Status | Error Message                           |
| ------ | --------------------------------------- |
| 403    | `Could not determine client IP address` |
| 403    | `Security context not found`            |
| 403    | `IP address not whitelisted`            |
