> ## Documentation Index
> Fetch the complete documentation index at: https://docs.signa.so/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Get your API key, understand scopes, and rotate keys safely

Every request to the Signa API needs a Bearer token in the `Authorization` header.

```bash theme={null}
Authorization: Bearer sig_YOUR_KEY
```

## Getting your API key

Sign up at [app.signa.so](https://app.signa.so) and navigate to **API Keys** in the sidebar. Click **+ Create new key**, give it a name, and copy the full key immediately: it is only shown once.

Manage all your keys (create, rotate, revoke) from the [API Keys dashboard](https://app.signa.so/api-keys).

## Key format

API keys use the format `sig_` followed by 48 hex characters. Unrecognized prefixes are rejected with `401` before any lookup.

## Scopes

Each API key has one or more scopes that control what it can access:

| Scope                 | Grants access to                                                                  |
| --------------------- | --------------------------------------------------------------------------------- |
| `trademarks:read`     | Trademark records, owners, attorneys, firms, proceedings: all public catalog data |
| `events:read`         | Event feed (`/v1/events`). Plan-gated.                                            |
| `portfolios:manage`   | Customer-owned resources: portfolios, saved searches, watches, alerts, webhooks   |
| `api-keys:manage`     | API key creation, rotation, update, and revocation                                |
| `organization:manage` | Organization settings (e.g. renaming the organization)                            |
| `billing:read`        | Usage, plan, and log endpoints                                                    |

## Key rotation

Rotate a key when you suspect it has been compromised, when a team member leaves, or as part of regular security hygiene. Rotate from the [API Keys dashboard](https://app.signa.so/api-keys) (open the **...** menu on a key and select **Rotate key**) or programmatically via the [Rotate API Key](/api-reference/administration/rotate-api-key) endpoint. Rotation issues a new key; the old key keeps working for a 24-hour grace period so you can roll the new secret out to your services without downtime.

<Warning>
  API keys are for server-to-server use only. Never ship a `sig_` key in client-side code (browser JavaScript, mobile apps, or anything a user can inspect); call the Signa API from your backend and proxy requests to any frontend that needs the data.
</Warning>
