> ## Documentation Index
> Fetch the complete documentation index at: https://docs.agnost.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How Agnost authenticates ingestion, dashboard, and API requests

Agnost uses different authentication models for ingestion and dashboard/API access.

## SDK ingestion

SDK ingestion endpoints under `/api/v1/*` use your organization ID in the `x-org-id` header. The org ID is also passed as `org_id` or `write_key` in SDKs.

The org ID is a public routing identifier. It does not grant dashboard read access by itself.

## Dashboard and API access

Dashboard API endpoints use one of these:

| Method  | Headers                                      | Use case                             |
| ------- | -------------------------------------------- | ------------------------------------ |
| JWT     | `Authorization: Bearer <jwt>` and `x-org-id` | Browser/dashboard access after login |
| API key | `x-api-key` and optional `x-org-id`          | Programmatic dashboard/API access    |

API keys use the `agnost_<64-hex>` format and are issued from **Settings -> API Keys**.

## Common mistakes

* Sending `x-org-id` without a JWT or API key to dashboard endpoints.
* Using the wrong org ID when a user belongs to multiple organizations.
* Forgetting the `X-Agnost-Org-ID` header on OpenTelemetry exporters.
* Treating the org ID as a secret. Rotate API keys if they leak; org IDs are routing identifiers.

## Related pages

* [Quickstart](/quickstart)
* [Capture Session](/capture-session)
* [Capture Event](/capture-event)
