> ## Documentation Index
> Fetch the complete documentation index at: https://developer.hellgate.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Manage API keys for service access

API keys control access to Guardian and provide fine-grained permission management.
Capabilities can be scoped per area so that each key only has the permissions it needs.

## Capabilities

API keys support scoped permissions per functional area, so each key holds only the permissions it needs. For
the full list of scopes and the endpoints each one grants, see
[Authentication — Scopes](/products/guardian/authentication#scopes).

## Best practices

* Use the principle of least privilege — only grant necessary capabilities.
* Rotate API keys regularly for security.
* Use different keys for different services or applications.
