> ## Documentation Index
> Fetch the complete documentation index at: https://hc.saas-manager.biz.nuro.jp/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> IT Management API access requires authentication. The API supports authentication using a Bearer token.

## Obtaining API Keys

1. Log in to the [Admina dashboard](https://itmc.i.moneyforward.com/)
2. Select **Settings** from the top-right user settings menu
3. Choose **API Keys** in the left navigation menu
4. Click the **Create New API Key** button
5. Enter a name for the API key and set an expiration date if necessary
6. Click the **Create** button to generate the API key
7. Copy and save the displayed API key in a secure location

<Info>
  The API key is displayed only once. Be sure to save it in a secure location.
</Info>

## Adding Authentication to Requests

All API requests must include the API key as a Bearer token in the Authorization header.

### Header Format

```
Authorization: Bearer YOUR_API_KEY
```

### Example with cURL

```bash theme={null}
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.itmc.i.moneyforward.com/api/v1/organizations
```

### Example with JavaScript

```javascript theme={null}
const response = await fetch('https://api.itmc.i.moneyforward.com/api/v1/organizations', {
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY'
  }
});
```

## Security Best Practices

* Do not embed API keys in source code or client-side code
* Use environment variables or secret management systems to manage API keys
* Delete API keys that are no longer needed
* Consider rotating API keys regularly
* Monitor for API access from unexpected locations

## Authentication Errors

If authentication fails, the following error response will be returned:

```json theme={null}
{
  "statusCode": 401,
  "errorId": "unauthorized",
  "message": "Unauthorized"
}
```

If you see this error, check that your API key is correct and has not expired.
