# Authentication (/docs/api/authentication)

Pass a key as a Bearer token (MCP) or X-Orakle-API-Key header (REST).



Two kinds of keys: **personal** (`pk_user_…`, you mint in
[dashboard/api-keys](/dashboard/api-keys)) and **organization** (`sk_…`,
org admins mint). Both authenticate as the same user/org identity for
billing and read access.

## REST [#rest]

```
X-Orakle-API-Key: <your-key>
```

```bash
curl -s https://api.orakle.xyz/v1/jobs \
  -H "X-Orakle-API-Key: $ORAKLE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"request_type":"nl","query":"iPhone 15 Pro 128GB"}'
```

## MCP [#mcp]

The MCP server (`/v1/mcp`) takes either an OAuth bearer token (handshake
runs in your MCP client; nothing to configure here) or your API key as
a Bearer token:

```
Authorization: Bearer pk_user_...
```

## Failure [#failure]

Missing or invalid credentials → `401 auth_required`. Reads of jobs you
don't own → `404 job_not_found` (leak-safe). See [Errors](/docs/api/errors).