> ## Documentation Index
> Fetch the complete documentation index at: https://meetbit.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication & Authorization

> Understand how to securely authenticate with the MeetBit Public API

MeetBit uses **Clients** as the basis for communicating with the Public API. Multiple Access Keys can be issued under each Client and are used to identify the originator of requests.

## Authentication

To use an Access Key, attach both the access key ID and secret as headers of each request.

```http theme={null}
POST /users
X-Access-Key-Id: MBP-#Udh23 ...
X-Access-Key-Secret: pc#KLf*rD8jeb ...

{}
```

<ParamField header="X-Access-Key-Id" type="string" required>
  Access Key ID
</ParamField>

<ParamField header="X-Access-Key-Secret" type="string" required>
  Access Key Secret
</ParamField>

If your access key is invalid, you will receive a `401 Unauthorized` error with the following response:

```http theme={null}
401 Unauthorized
Content-Type: text/plain
Invalid or missing access key.
```

## Authorization

Each API endpoint requires a different permission. Access Key's adopt the permissions of its Client's role and permissions are configured through the MeetBit Admin Panel.

If your Access Key's Client does not have the correct permissions, you will receive a `401 Unauthorized` error with the following response:

```http theme={null}
401 Unauthorized
Content-Type: text/plain
Access Denied.
```
