---
title: "Authentication"
slug: "authentication"
updated: 2026-05-15T08:04:02Z
published: 2026-05-15T08:04:02Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.supermetrics.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

Access to Supermetrics API is through an API key along with a valid Supermetrics API license. Please see the [Supermetrics team and subscription](/v1/docs/about-supermetrics-team-and-subscription) page for more details on paid licenses to Supermetrics API. You can also follow the steps below and get started immediately.

## Creating an API key

If you have a valid Supermetrics license, you can follow the steps [here](https://docs.supermetrics.com/apidocs/managing-your-api-keys) to create an API key.

## Using an API key

Supermetrics API expects an **api_key** parameter to be included in a request.

```plaintext
https://api.supermetrics.com/enterprise/v2/query/data/json?json={
 "api_key":"<your api key>"
}
```

You can also use the **Authorization** header instead of the parameter.

```plaintext
Authorization: Bearer <your api key>
```

## Secure your API key

An API key provides access to all the data sources you have connected to. It is important that you store this API key securely. Please adhere to the following practises.

- Do not store your API key into applications or other places where it could be exposed to unintended parties.
- Whenever possible, use the Authorization header to transmit the API key.
- When an application only needs access to data from a single query, use a short url. Access is more restricted, and the API key is not visible.
- In case your API key ever gets compromised, please invalidate the API key immediately from the [API Key Management page](https://hub.supermetrics.com/api-key-management) in the Hub.

## Enhanced features

[Managing multiple API keys](/v1-api/apidocs/create-api-key-1), custom CORS headers, IP restrictions and other enhanced features are subject to license restrictions. Please [contact us](/v1-api/apidocs/support) for more information.

## Best practices

- Use the **Authorization** header instead of the **api_key** parameter
- Prefer to use [short urls](/v1-api/apidocs/short-urls) whenever you can