> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bridge.new/llms.txt
> Use this file to discover all available pages before exploring further.

# REST API and Webhooks Credentials

> Learn how to authenticate with the Bridge API using API Keys, including setup, usage examples, and security best practices.

## Overview

All requests to the Bridge API must be authenticated using an **API Key**. This key identifies your application and authorizes it to access Bridge resources on behalf of your organization.

<Note>
  You will need access to Bridge's admin console at [https://admin.bridge.new](https://admin.bridge.new).

  If you don't have one, please ask your Bridge Admin to create you a user.
</Note>

***

## Generating an API Key

<Steps>
  <Step title="Open the Admin Console" icon="browser" iconType="regular" stepNumber={1}>
    Go to your [Bridge Dashboard](https://admin.bridge.new) and log in with your credentials.
  </Step>

  <Step title="Navigate to API Keys" icon="key" iconType="regular" stepNumber={2}>
    In the left panel, go to **Developers → API Keys Management**.
  </Step>

  <Step title="Create a new key" icon="plus" iconType="regular" stepNumber={3}>
    Click **Generate New Key**. You can give it a descriptive name and set an expiration date.

    <Warning>
      **Important:**\
      Your API Key will only be displayed once upon creation. Copy it immediately and store it in a secure location — you will not be able to retrieve it later.
    </Warning>
  </Step>
</Steps>

***

## Using your API Key

Include your API Key in the `x-api-key` header on every request:

```bash theme={null}
curl -X GET "https://api.bridge.new/bridge/api/health" \
  -H "x-api-key: YOUR_API_KEY"
```

```javascript theme={null}
const response = await fetch("https://api.bridge.new/bridge/api/health", {
  method: "GET",
  headers: {
    "x-api-key": "YOUR_API_KEY",
  },
});

const data = await response.json();
console.log(data);
```

```python theme={null}
import requests

response = requests.get(
    "https://api.bridge.new/bridge/api/health",
    headers={"x-api-key": "YOUR_API_KEY"}
)

print(response.json())
```

<Note>
  Use the `GET /bridge/api/health` endpoint to verify that your API Key is valid and your connection is working correctly.
</Note>

***

## Security Best Practices

* **Use environment variables** — Store your API Key in an environment variable (e.g. `BRIDGE_API_KEY`) instead of hardcoding it in your source code.
* **Never expose keys in client-side code** — API Keys should only be used in server-side applications. Never include them in frontend code, mobile apps, or public repositories.
* **Set an expiration date** — Always configure an expiration when creating a key. Avoid using keys without a defined expiry.
* **One key per application** — Use a separate API Key for each service or application that connects to Bridge. This limits the impact if a key is compromised.
* **Rotate keys periodically** — Create a new key and update your applications before deactivating the old one. This ensures zero downtime during rotation.

***

## Troubleshooting

| Error                   | Possible Cause                                             | Solution                                                                        |
| ----------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------- |
| `401 Unauthorized`      | Invalid, expired, or missing API Key                       | Verify that your key is correct, active, and included in the `x-api-key` header |
| `403 Forbidden`         | The API Key does not have access to the requested resource | Check that your key has the necessary permissions for this endpoint             |
| Cannot retrieve API Key | The key is only shown once at creation time                | Generate a new API Key from the Admin Console                                   |

For a complete list of error codes, see the [Error Codes](/error-codes) reference.

***

## Related Topics

* [Error Codes](/error-codes) — Full reference of Bridge API error codes
* [REST API Reference](/api-reference) — Explore all available endpoints
* [Webhooks](/webhooks) — Set up real-time event notifications
