> ## Documentation Index
> Fetch the complete documentation index at: https://quintus.tec.br/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Agent authentication

> How to authenticate requests to the server-to-server agents API.

## Required header

All requests use `X-API-Key` with a private key in the `qts-sk-...` format.

```bash theme={null}
curl https://api.quintus.tec.br/v1/agent/sessions \
  -H "X-API-Key: SUA_API_KEY"
```

<Note>
  Create or manage your API keys at [app.quintus.tec.br/settings/api-keys](https://app.quintus.tec.br/settings/api-keys). For the server-to-server API, use private keys in the `qts-sk-...` format.
</Note>

## Recommendations

* Keep the key only in the backend.
* Separate keys by environment and integration.
* Rotate credentials periodically.
* Honor `Retry-After` on `429` responses.
