> ## Documentation Index
> Fetch the complete documentation index at: https://docs.extend.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

The Extend API authenticates every request with a Bearer token. Create an API key from your [Developer settings](https://dashboard.extend.ai/developers), then send it with each request — directly in the `Authorization` header, or by passing it once to an SDK client.

## Authenticate a request

The recommended approach is to store your key in the `EXTEND_API_KEY` environment variable so it stays out of source control:

```bash
export EXTEND_API_KEY="YOUR_API_KEY"
```

Every SDK reads `EXTEND_API_KEY` automatically, so you can create a client with no arguments.

With the raw API, set the `Authorization` header on every request. Direct API calls must also include the `x-extend-api-version` header — the SDKs pin the version for you.

```bash cURL
curl https://api.extend.ai/extractors \
  -H "Authorization: Bearer $EXTEND_API_KEY" \
  -H "x-extend-api-version: 2026-02-09"
```

```python Python
from extend_ai import Extend

# Reads EXTEND_API_KEY from the environment automatically
client = Extend()
```

```typescript TypeScript
import { ExtendClient } from "extend-ai";

// Reads EXTEND_API_KEY from the environment automatically
const client = new ExtendClient();
```

```java Java
import ai.extend.ExtendClient;

// Reads EXTEND_API_KEY from the environment automatically
ExtendClient client = ExtendClient.builder().build();
```

```go Go
import (
	client "github.com/extend-hq/extend-go-sdk/client"
)

// Reads EXTEND_API_KEY from the environment automatically
c := client.NewClient()
```

Prefer to manage the key yourself? Pass it explicitly when you create the client — `Extend(token="YOUR_API_KEY")` in Python, `new ExtendClient({ token: "YOUR_API_KEY" })` in TypeScript, `.apiKey("YOUR_API_KEY")` on the Java builder, or `option.WithToken("YOUR_API_KEY")` in Go. An explicit key always overrides the environment variable.

## API key scopes

Every key is scoped to either a single workspace or your whole organization:

* **Workspace keys** — Work only for the workspace they belong to. Nothing else is required.
* **Organization keys** — Work across every workspace in your organization. Each request must set the `X-Extend-Workspace-Id` header to name the target workspace, and only organization admins can create them.

For an organization key, send the workspace header alongside your token:

```bash
curl https://api.extend.ai/extractors \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "x-extend-api-version: 2026-02-09" \
  -H "X-Extend-Workspace-Id: ws_xxx"
```