
# Authentication and API Keys

Atomyx Vault handles user sign-in, workspace membership, product access, and the API keys used to authenticate requests across Atomyx products.

### User authentication

Users sign in to Atomyx Vault with their email address and password.

Once signed in, they can:

* access the workspaces they belong to
* manage their profile
* switch between workspaces
* access the products they have been granted permission to use

### Account creation

New users create an Atomyx account through the Vault sign-up flow.

A typical account creation process includes:

1. entering name and email address
2. verifying the email address
3. setting a password
4. signing in to the new account

An Atomyx account is a personal identity. Access to organisations and products is controlled through workspaces and product-level permissions.

### Password management

Users can manage their password through their Vault profile.

Vault also supports password recovery through a standard “Forgot password?” flow.

### Two-factor authentication

Atomyx Vault supports optional two-factor authentication (2FA).

For users with administrative or sensitive access, enabling 2FA is strongly recommended.

### How product access works

Authentication and access are layered:

1. a user has an Atomyx account
2. the user is invited into one or more workspaces
3. the user is granted access to one or more products within those workspaces
4. the user’s permissions depend on their workspace and product-level roles

Being a member of a workspace does not automatically grant access to every product in that workspace.

### API keys

API keys are used to authenticate API calls to Atomyx products.

They are managed through Atomyx Vault or the relevant product settings, depending on the product and implementation.

Every API request must include a valid API key using the expected request header format for the endpoint being called.

### Generating an API key

A typical API key workflow is:

1. open the API key management area
2. generate a new key
3. copy the key immediately
4. store it securely

Keys are generally only shown once when generated, so they should be stored safely straight away.

### Recommended API key practices

Use separate API keys for:

* development
* staging
* production

Also:

* rotate keys regularly
* revoke and replace keys if compromise is suspected
* store keys in environment variables or a secrets manager
* never embed keys in public client-side code
* never commit keys to source control
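
One way to apply the environment-variable and per-environment separation practices in a service's startup code, as an added example that is not Atomyx code. The `ATOMYX_API_KEY_<ENV>` variable names are an assumption, not something Atomyx defines.

```python
import hashlib
import hmac
import os

ENVIRONMENTS = ("development", "staging", "production")
# Hypothetical variable naming scheme (assumption, not defined by Atomyx).
ENV_VAR_TEMPLATE = "ATOMYX_API_KEY_{env}"


class KeyConfigError(RuntimeError):
    """Raised when the key configuration violates the practices above."""


def fingerprint(key: str) -> str:
    """Short SHA-256 prefix to log in place of the key itself."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def load_api_key(target_env: str, environ=os.environ) -> str:
    """Return the key for target_env, read from the process environment."""
    if target_env not in ENVIRONMENTS:
        raise KeyConfigError(f"unknown environment: {target_env!r}")
    name = ENV_VAR_TEMPLATE.format(env=target_env.upper())
    key = environ.get(name, "").strip()
    if not key:
        # Fail closed: no fallback to a default or to another environment's key.
        raise KeyConfigError(f"{name} is not set; refusing to start")
    # Reject a key that is also configured for a different environment.
    for other in ENVIRONMENTS:
        if other == target_env:
            continue
        other_name = ENV_VAR_TEMPLATE.format(env=other.upper())
        other_key = environ.get(other_name, "").strip()
        if other_key and hmac.compare_digest(key.encode(), other_key.encode()):
            raise KeyConfigError(
                f"{target_env} and {other} share one key (fp {fingerprint(key)})")
    return key


if __name__ == "__main__":
    # Constructed sample values; real keys come from the deployment environment.
    sample = {"ATOMYX_API_KEY_STAGING": "constructed-staging-key",
              "ATOMYX_API_KEY_PRODUCTION": "constructed-production-key"}
    key = load_api_key("production", sample)
    print("loaded production key, fingerprint", fingerprint(key))
```

Logging the fingerprint rather than the key lets operators confirm which key is in use after a rotation without exposing it.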

### Authentication across the platform

Atomyx products rely on Vault for identity, access, and API key validation.

This means Vault acts as the shared trust and access layer across:

* Atomyx Manage
* Atomyx Submit
* Atomyx Prepare

### Next steps

* Go to **Users, Groups and Roles** for access control setup
* Go to **Products and Subscriptions** for product activation and workspace-level product management
* Go back to **Make Your First API Call** in the Hub if you want to test API access

