> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ezyshield.com.au/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate API requests with organization-scoped API keys.

ezyshield uses bearer API keys. Every API request must include an API key in the `Authorization` header:

```http theme={null}
Authorization: Bearer <your_api_key>
```

API keys are organization-scoped. The key identifies the organization and the abilities available to the request.

## Create a key

Create your first key in the Dashboard: [app.ezyshield.com.au](https://app.ezyshield.com.au).

After you have a key, you can manage additional keys through the API:

* [List all API keys](/api-reference/api-keys/list-all-api-keys)
* [Create an API key](/api-reference/api-keys/create-an-api-key)

## Abilities

Keys should have only the abilities your integration needs. Abilities are granted when the key is created; updating an API key only changes its name. If an integration needs a different ability set, create a new key and rotate to it.

Available abilities include:

| Ability                      | Use                                                                      |
| ---------------------------- | ------------------------------------------------------------------------ |
| `api_key:read`               | Retrieve API keys.                                                       |
| `api_key:write`              | Create, rename, or delete API keys.                                      |
| `verification:read`          | Retrieve verifications.                                                  |
| `verification:write`         | Create or cancel verifications.                                          |
| `check:read`                 | Retrieve checks.                                                         |
| `check:write`                | Run checks against verifications.                                        |
| `webhook_subscription:read`  | Retrieve webhook subscriptions.                                          |
| `webhook_subscription:write` | Create, update, enable, or delete webhook subscriptions through the API. |
| `aba_check:read`             | Retrieve ABA checks or download regenerated files.                       |
| `aba_check:write`            | Upload ABA files.                                                        |

## First authentication test

Call [Get the current organization](/api-reference/organizations/get-the-current-organization) after creating a key. It confirms the token is valid and attached to the organization you expect.
