> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arouter.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Four ways to authenticate with the ARouter API — pick the one that matches your use case.

All `/v1/*` endpoints require authentication. ARouter supports four methods: three
API-key-based methods for every major LLM SDK, plus wallet-based authentication
for AI agents with crypto wallets.

## Auth Methods

<Tabs>
  <Tab title="Bearer Token">
    Used by the **OpenAI SDK**, **DeepSeek SDK**, **Mistral SDK**, and most OpenAI-compatible clients.

    ```bash theme={null}
    Authorization: Bearer lr_live_xxxx
    ```

    ```python theme={null}
    from openai import OpenAI

    client = OpenAI(
        base_url="https://api.arouter.ai/v1",
        api_key="lr_live_xxxx",  # sent as Bearer token
    )
    ```
  </Tab>

  <Tab title="X-Api-Key Header">
    Used by the **Anthropic SDK**.

    ```bash theme={null}
    X-Api-Key: lr_live_xxxx
    ```

    ```python theme={null}
    import anthropic

    client = anthropic.Anthropic(
        base_url="https://api.arouter.ai",
        api_key="lr_live_xxxx",  # sent as X-Api-Key
    )
    ```
  </Tab>

  <Tab title="Query Parameter">
    Used by the **Google Gemini SDK**.

    ```bash theme={null}
    GET /v1beta/models?key=lr_live_xxxx
    ```

    ```python theme={null}
    import google.generativeai as genai

    genai.configure(
        api_key="lr_live_xxxx",  # sent as ?key= param
        transport="rest",
        client_options={"api_endpoint": "https://api.arouter.ai"},
    )
    ```
  </Tab>

  <Tab title="Wallet JWT (SIWx)">
    Used by **AI agents with crypto wallets** (EVM or Solana). Wallets authenticate
    with `SIGN-IN-WITH-X` and then use a wallet JWT as the Bearer token.

    ```bash theme={null}
    Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
    ```

    Wallet JWTs are obtained from `POST /v1/x402/auth` via SIWx, or from the
    first successful x402 payment response.

    See the [x402 Payments Guide](/en/guides/x402-payments) for the full wallet flow.
  </Tab>
</Tabs>

<Info>
  The first three methods use the same ARouter API key. The gateway automatically detects
  which method is being used. Wallet users follow a separate path: SIWx/x402 produce a
  wallet JWT, and subsequent requests use `Authorization: Bearer <jwt>`.
</Info>

## Key Types

| Key Type           | Format         | Description                                                                  |
| ------------------ | -------------- | ---------------------------------------------------------------------------- |
| **Management Key** | `lr_mgmt_xxxx` | Create and manage API keys via the management API.                           |
| **API Key**        | `lr_live_xxxx` | Make LLM requests. Can have provider/model restrictions and spending limits. |

Management keys create API keys that can only **narrow** permissions — never expand beyond the tenant's scope.

See the [Key Management Guide](/en/guides/key-management) for details.

## Error Responses

When authentication fails, you'll receive one of these responses:

```json theme={null}
// Missing or malformed key
{
  "error": {
    "message": "missing or invalid Authorization header",
    "type": "authentication_error"
  }
}
```

```json theme={null}
// Invalid key
{
  "error": {
    "message": "invalid api key",
    "type": "authentication_error"
  }
}
```

Both return HTTP `401 Unauthorized`.
