> ## Documentation Index
> Fetch the complete documentation index at: https://docs.verifiedx.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Get your API key and configure your runtime.

## Get your API key

Sign in to the [VerifiedX dashboard](https://api.verifiedx.me) and open **API keys**. Create a new runtime key for your workspace.

All VerifiedX API keys start with `vxpk_`.

## Configure your environment

For the hosted service, `VERIFIEDX_API_KEY` is the only required variable.

<Warning>
  Never hardcode your API key in source code. Always load it from an environment variable.
</Warning>

```bash .env theme={null}
VERIFIEDX_API_KEY=vxpk_your_runtime_key
```

The SDK reads this automatically on initialization.

<Note>
  This is enough for the normal hosted setup. Most builders do not need any other auth or runtime configuration to get started.
</Note>

## Optional environment variables

Use these only if you need to override the default hosted setup or attach extra runtime metadata.

| Variable                  | Required | Default                    | Description                                                                                                                  |
| ------------------------- | -------- | -------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| `VERIFIEDX_BASE_URL`      | No       | `https://api.verifiedx.me` | Override the VerifiedX API base URL.                                                                                         |
| `VERIFIEDX_ORG_ID`        | No       | `org_1`                    | Runtime org identifier. For hosted requests, the API key scope is authoritative.                                             |
| `VERIFIEDX_PROJECT_ID`    | No       | `project_1`                | Runtime project identifier. For hosted requests, the API key scope is authoritative.                                         |
| `VERIFIEDX_ENVIRONMENT`   | No       | `prod`                     | Runtime environment label, for example `prod`, `staging`, or `dev`. For hosted requests, the API key scope is authoritative. |
| `VERIFIEDX_AGENT_ID`      | No       | Auto-generated             | Agent identifier shown in runtime context and logs.                                                                          |
| `VERIFIEDX_SOURCE_SYSTEM` | No       | SDK default                | Source-system label for the runtime.                                                                                         |

<Note>
  For the hosted API, org, project, and environment are aligned to the API key scope server-side.
</Note>

## Missing or invalid keys

Missing and invalid keys do not behave exactly the same across SDKs.

* In Python, `init_verifiedx()` fails fast if `VERIFIEDX_API_KEY` is missing from env.
* Invalid, unrecognized, or revoked keys are rejected by the VerifiedX API on the first real request.
* In TypeScript, missing auth usually surfaces when the first VerifiedX request is made rather than at `initVerifiedX()` time.
* If you rotate a key in the dashboard, update the environment variable and restart your process.

Before sending live traffic, run:

<CodeGroup>
  ```bash Python theme={null}
  verifiedx doctor
  ```

  ```bash TypeScript theme={null}
  npx verifiedx doctor
  ```
</CodeGroup>

That reports your loaded config and, when a key is present, checks connectivity to the VerifiedX API.
