> ## Documentation Index
> Fetch the complete documentation index at: https://developer.firstsales.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate with scoped Developer API keys.

Developer API requests use bearer authentication.

```bash theme={null}
curl https://api.app.firstsales.io/api/v1/whoami \
  -H "Authorization: Bearer $FIRSTSALES_API_KEY"
```

## API key behavior

* Raw keys are shown once at creation time.
* FirstSales stores only a hash and a display prefix.
* Revoked keys stop working immediately.
* Keys are bound to the creator's organization membership.
* If the creator loses access or is suspended, the key fails closed.

## Access levels

Developer API keys have an access level:

* `workspace`: can operate only workspace-scoped resources and requires a workspace target.
* `organization`: can operate organization-scoped resources only with explicit organization scopes.

Wildcard scopes do not silently grant dangerous organization-admin powers.

## Scopes

Use the narrowest scope set possible. Common scopes include:

* `campaigns:read`, `campaigns:write`
* `contacts:read`, `contacts:write`
* `inbox:read`, `inbox:write`
* `connectors:read`, `connectors:write`
* `billing:read`, `billing:write`
* `api_keys:read`, `api_keys:write`
* `members:read`, `members:write`
* `groups:write`
* `domains:read`, `domains:write`

## CLI auth order

The CLI resolves credentials in this order:

1. `--api-key`
2. `FIRSTSALES_API_KEY`
3. Selected local profile

Use environment variables for CI and AI agents.