> ## Documentation Index
> Fetch the complete documentation index at: https://docs.daily.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Daily REST API.

The Daily REST API uses API keys to authenticate requests. Your API key is available in the **Developers** section of the Daily [dashboard](https://dashboard.daily.co/).

* **Domain owners** can view and regenerate the API key.
* **Members** do not have access to the API key. Request it from an owner, or ask an owner to grant you administrator privileges.

## Staging and testing

Daily doesn't support adding a second domain to an existing account. To set up a staging environment, sign up for a separate Daily account using a variant of your domain name (e.g. `yourdomain-dev`). The new account's API key is immediately available under the **Developers** tab in the dashboard.

Contact [support](https://www.daily.co/contact/support) after creating the staging account to ensure it has access to the same features as your production account at no extra charge.

## Making authenticated requests

Include your API key in the `Authorization` header of every request:

```bash theme={null}
curl --request GET \
  --url https://api.daily.co/v1/rooms \
  --header 'Authorization: Bearer DAILY_API_KEY'
```

Each API key is scoped to a single Daily domain.

<Warning>
  Never include your API key in client-side browser code. Treat it like a password.
</Warning>

HTTPS is required for all Daily REST API requests.

## Authentication errors

| Condition                                   | HTTP status | `error` value                |
| ------------------------------------------- | ----------- | ---------------------------- |
| `Authorization` header missing or malformed | `400`       | `authorization-header-error` |
| API key is not valid                        | `401`       | `authentication-error`       |

## Rate limits

Daily rate-limits the API to ensure stability for all users. If you exceed the limits, you'll receive a `429` response with `error: "rate-limit-error"`.

| Endpoints                                     | Limit                                       |
| --------------------------------------------- | ------------------------------------------- |
| Most endpoints                                | 20 req/sec, or 100 req per 5-second window  |
| `DELETE /rooms/:name`, `GET /recordings`      | \~2 req/sec, or 50 req per 30-second window |
| Start recording, live streaming, PSTN, or SIP | \~1 req/sec, or 5 req per 5-second window   |

Handle `429` responses by retrying with [exponential backoff](https://en.wikipedia.org/wiki/Exponential_backoff). [Contact support](https://www.daily.co/contact/support) if you need higher limits.
