> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getdoppel.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> How to authenticate with the Doppel API

# API Keys

All API requests require authentication using an API key. Include your key in the `Authorization` header using the Bearer scheme.

## Authentication Header

```bash theme={null}
Authorization: Bearer dpl_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

## API Key Format

Doppel API keys follow a specific format:

| Prefix      | Environment     | Example                    |
| ----------- | --------------- | -------------------------- |
| `dpl_live_` | Production      | `dpl_live_abc123xyz789...` |
| `dpl_test_` | Testing/Sandbox | `dpl_test_abc123xyz789...` |

## Making Authenticated Requests

<CodeGroup>
  ```bash cURL theme={null}
  curl -X GET "https://api.getdoppel.ai/api/v1/clinics" \
    -H "Authorization: Bearer dpl_live_YOUR_API_KEY"
  ```

  ```javascript JavaScript theme={null}
  const API_KEY = 'dpl_live_YOUR_API_KEY';

  const response = await fetch('https://api.getdoppel.ai/api/v1/clinics', {
    method: 'GET',
    headers: {
      'Authorization': `Bearer ${API_KEY}`,
      'Content-Type': 'application/json'
    }
  });
  ```

  ```python Python theme={null}
  import requests

  API_KEY = 'dpl_live_YOUR_API_KEY'

  response = requests.get(
      'https://api.getdoppel.ai/api/v1/clinics',
      headers={
          'Authorization': f'Bearer {API_KEY}',
          'Content-Type': 'application/json'
      }
  )
  ```
</CodeGroup>

## Scopes

API keys have specific scopes that determine what resources they can access:

| Scope               | Description                                  |
| ------------------- | -------------------------------------------- |
| `interactions:read` | Read interaction data (calls, conversations) |
| `metrics:read`      | Access aggregated metrics and analytics      |
| `campaigns:read`    | View campaign information                    |
| `clinics:read`      | List clinic details                          |

<Info>
  By default, API keys are created with all read scopes enabled. Contact your account manager if you need to modify scopes.
</Info>

## Clinic Restrictions

API keys can optionally be restricted to specific clinics. When restricted:

* The key can only access data for the specified clinics
* Requests for other clinics will return empty results
* This is useful for multi-location integrations

## Security Best Practices

<Warning>
  Treat your API key like a password. Never expose it publicly.
</Warning>

### Do's

* Store API keys in environment variables
* Use server-side code to make API calls
* Rotate keys periodically
* Use separate keys for development and production

### Don'ts

* Never commit API keys to version control
* Never expose keys in client-side JavaScript
* Never share keys via email or chat
* Never use production keys for testing

## Error Responses

### Missing Authorization Header

```json theme={null}
{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing Authorization header. Expected: Bearer <api_key>"
  },
  "request_id": "...",
  "timestamp": "..."
}
```

### Invalid API Key

```json theme={null}
{
  "success": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "Invalid API key"
  },
  "request_id": "...",
  "timestamp": "..."
}
```

### Expired API Key

```json theme={null}
{
  "success": false,
  "error": {
    "code": "API_KEY_EXPIRED",
    "message": "API key has expired"
  },
  "request_id": "...",
  "timestamp": "..."
}
```

## Getting an API Key

To obtain an API key:

1. Contact your Doppel account manager
2. Specify your use case and required scopes
3. Receive your key via secure channel
4. Store it securely and start integrating!
