# Authentication

To access the API you must authenticate using a custom key created via the API console.

The key should be passed in the X-Api-Key header.
For Example: `X-Api-Key: mycirrus-123456-AABBCCDD11223344`.

## API Keys

To create a key, go to the [API console](https://mycirrus.cloud/developer-api) and click the "Create API key" button.

## Permissions

When creating an API key you must choose the permissions for that key. These scopes control what the key can access:

- `instruments:read` - Allows read access to instruments and related information
- `instruments:write` - Allows write access to instruments and related information
- `instruments:action` - Allows actions to be performed on instruments
- `data.live:read` - Allows read access to live data
- `data.noise:read` - Allows read access to noise data
- `data.enviro:read` - Allows read access to environmental data (weather, particulates, gases, vibration)
- `data.events:read` - Allows read access to event data
- `data.audio:read` - Allows read access to audio data
- `data.system:read` - Allows read access to system health data (calibrations, SIC, monitor stats)
- `webhooks:read` - Allows read access to webhooks
- `webhooks:write` - Allows write access to webhooks