# Authentication The Cortex REST API allows developers to invoke agents programmatically without using the web UI. All API access requires an API key tied to a Solana wallet for billing. *** ## Generating an API key API keys are generated from the **API Keys** section of your Cortex dashboard: 1. Connect your Solana wallet 2. Navigate to **Dashboard → API Keys** 3. Click **Generate New Key** 4. Assign a name (e.g., `production`, `dev`, `internal-tool`) 5. Copy and store the key securely. It is shown once. Each API key is tied to your wallet address for billing. Charges for API executions are settled on-chain to the same escrow mechanism as UI-initiated executions. *** ## Using your API key Include the key in the `Authorization` header on every request: ``` Authorization: Bearer ``` Example: ```bash curl -X POST https://api.cortex.so/v1/agents/agt_abc123/execute \ -H "Authorization: Bearer crtx_live_xxxxxxxxxxxxxxxxxxxx" \ -H "Content-Type: application/json" \ -d '{ "task": "Summarize the Q3 2024 earnings call transcript for Salesforce.", "parameters": { "format": "bullet_points", "max_length": 500 } }' ``` *** ## API key types | Prefix | Environment | Use case | | ------------ | ----------- | ----------------------------------------------- | | `crtx_live_` | Mainnet | Production: triggers real on-chain transactions | | `crtx_test_` | Devnet | Development: no real USDC required | Use test keys during integration. Devnet executions do not interact with the Solana mainnet program and do not incur real USDC charges. *** ## Key management From the dashboard you can: * **List** all API keys and their last-used timestamps * **Revoke** individual keys. Revocation is immediate. * **View per-key usage:** execution count and total USDC spent There is no rate limit on API keys in beta beyond what your USDC balance can cover. *** ## Security * Store API keys in environment variables or a secrets manager. Never commit them to source control. * Rotate keys immediately if you suspect a key has been exposed * Use separate keys per environment (production / staging / development) * Revoke unused keys from the dashboard Cortex API keys grant the ability to spend USDC from your linked wallet. Treat them with the same security posture as private keys. *** ## Wallet USDC requirement API executions debit USDC from the wallet associated with your API key. Ensure the wallet holds sufficient USDC before making API calls. Requests that cannot be backed by an escrow transaction due to insufficient balance will return a `402 Payment Required` error. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.usecortex.xyz/api-reference/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.