> ## Documentation Index
> Fetch the complete documentation index at: https://docs.curvelabs.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate ThinkFeel SDK, CLI, and OpenAI-compatible requests.

Send one API key header with each request. ThinkFeel accepts either the `x-api-key` header or an OpenAI-style bearer token.

Generate keys yourself after onboarding is approved. Standard onboarding users should send one key header on every request. Some approved self-serve personas can use a payment challenge instead of API keys when Curve Labs enables that option for your account.

## Supported API key headers

```text theme={null}
x-api-key: YOUR_API_KEY_HERE
Authorization: Bearer YOUR_API_KEY_HERE
```

For OpenAI-compatible clients, send your key as `Authorization: Bearer`. The `x-api-key` header is still supported for direct ThinkFeel requests.

## Environment variables

SDK and CLI projects should use:

| Variable               | Required | Notes                                                   |
| ---------------------- | -------- | ------------------------------------------------------- |
| `THINKFEEL_API_KEY`    | Yes      | API key created in Playground or through CLI login      |
| `THINKFEEL_PERSONA_ID` | Yes      | Persona UUID provided during onboarding                 |
| `THINKFEEL_BASE_URL`   | No       | Origin only, such as `https://playground.curvelabs.org` |

OpenAI-compatible clients should point their client base URL to `https://playground.curvelabs.org/api/v1`. Depending on the client library, you may need to store the same key as `OPENAI_API_KEY`.

## CLI login and profiles

```bash theme={null}
npx thinkfeel login
npx thinkfeel login --persona-id YOUR_THINKFEEL_PERSONA_ID
npx thinkfeel login --name "Local dev key" --persona-id YOUR_THINKFEEL_PERSONA_ID
npx thinkfeel login --profile work --persona-id YOUR_THINKFEEL_PERSONA_ID
npx thinkfeel profiles
npx thinkfeel use work
```

`thinkfeel login` is the preferred way to set up keys for approved Playground users. It opens browser sign-in, creates a Playground API key after confirmation, encrypts the key to a local callback, and saves it in the ThinkFeel CLI profile without printing the unencrypted key.

## Non-interactive configuration

```bash theme={null}
printf '%s\n' "$THINKFEEL_API_KEY" | npx thinkfeel configure --api-key-stdin --persona-id YOUR_THINKFEEL_PERSONA_ID
npx thinkfeel configure --api-key-env THINKFEEL_API_KEY --persona-id YOUR_THINKFEEL_PERSONA_ID
npx thinkfeel configure --profile work --api-key-env WORK_THINKFEEL_API_KEY --persona-id YOUR_THINKFEEL_PERSONA_ID
npx thinkfeel configure --show
```

Use `--api-key-env` or `--api-key-stdin` for automation. Passing API keys as command arguments is intentionally unsupported because shell history and process lists can expose them.

<Warning>
  Never expose your API key in client-side or public code. Store API keys as environment variables or managed secrets, rotate
  keys periodically, and use HTTPS for all requests.
</Warning>
