> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lyrcs.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> All API requests require a Bearer token in the Authorization header

Every request to the lyrcs.ai API (except `GET /health` and `GET /languages`) must include an `Authorization` header with your API key.

```http theme={null}
Authorization: Bearer lyrcs_sk_live_...
```

## Key format

Keys are prefixed with `lyrcs_sk_live_` and are scoped to your organisation. All jobs, usage stats, and webhooks are isolated to the org that owns the key.

## How to get a key

lyrcs.ai API access is available to music distributors, streaming platforms, and rights management companies.

To request a key, email **[support@lyrcs.ai](mailto:support@lyrcs.ai)** with:

* Your company name
* Your use case (e.g. "deliver LRC files to DSPs for Indian language catalog")
* Expected monthly volume (number of tracks)
* Languages you primarily work with

We'll respond within 2 business days with your key and webhook secret.

<Note>
  Keys are per-organisation and include a separate `webhook_secret` used to verify HMAC-SHA256 signatures on webhook deliveries. Keep both values secure.
</Note>

## Example usage

<CodeGroup>
  ```bash curl theme={null}
  curl https://lyrcs.ai/api/v1/usage \
    -H "Authorization: Bearer lyrcs_sk_live_..."
  ```

  ```javascript Node.js theme={null}
  const response = await fetch("https://lyrcs.ai/api/v1/usage", {
    headers: {
      Authorization: "Bearer lyrcs_sk_live_...",
    },
  });
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      "https://lyrcs.ai/api/v1/usage",
      headers={"Authorization": "Bearer lyrcs_sk_live_..."},
  )
  ```
</CodeGroup>

## Security

<Warning>
  Never expose your API key in client-side code, public repositories, or logs. If a key is compromised, contact [support@lyrcs.ai](mailto:support@lyrcs.ai) immediately.
</Warning>

* Store keys in environment variables, not in source code
* Rotate keys if you suspect exposure
* Do not share keys across organisations
